JP4710221B2 - Information management system and information management program - Google Patents

Description

  The present invention relates to an information management system and an information management program, and in particular, an information management system and an information management program that can determine the range of information referers who refer to information based on the confidentiality and usefulness of information, The present invention also relates to an information management system and an information management program that can determine the range of information that can be referred to by a specific information referer based on the confidentiality and usefulness of information.

  With the development and popularization of information processing technologies such as word processors, e-mails, and web search tools, individuals and organizations have accumulated huge amounts of information. Therefore, there is a need for an information management technique for efficiently searching for and using useful information for individuals and organizations from such countless information. On the other hand, there is also a need for a technology related to so-called confidentiality protection and information leakage prevention so that information relating to the secret or privacy of an individual or an organization is not referred to by others without permission.

  In order to prevent information leakage, many information protection technologies such as information encryption, access restriction, and user authentication have been developed. There are already many products that use such information protection technology, but there are many types of information protection technology to be applied to which information and the settings to use the applied information protection technology. In this case, it is necessary for a human to judge. Selecting an appropriate information protection technique for information existing in various forms in various places and setting it appropriately is not easy for a person with specialized knowledge and is a heavy burden.

  So far, various systems have been proposed that determine the confidentiality (security level) of information based on keywords included in information and execute processing according to the confidentiality (for example, Patent Document 1 and Patent Document). 2, and Patent Document 3.). In the system described in Patent Document 1, the determined confidentiality is compared with the access authority of the information reference person, and it is determined whether or not data display and printing are enabled. In the apparatus described in Patent Document 2, a data communication path corresponding to the determined confidentiality is selected. In the apparatus described in Patent Literature 3, it is determined whether to deliver the electronic mail or to stop the delivery according to the determined confidentiality (electronic sensitivity of the electronic mail).

  Most organizations, including private companies, have useful information that should be shared and utilized within the organization and information that should not be seen by anyone other than a specific person as important confidential information. Sharing useful information leads to quick resolution of problems, and protection of confidential information is important for maintaining the organization's own trust and market competitiveness. Therefore, such an organization often needs to identify useful information and confidential information from information stored in a huge amount and appropriately manage each of them. However, since useful information and confidential information are not exclusive, it is easy to guess that there is a lot of useful and confidential information that is important for a specific party but should not be known to others. Here, a trade-off is imposed between the promotion of information sharing and the prevention of leakage in terms of applied technology and operation. For example, it is assumed that priority is given to prevention of information leakage and encryption is performed to protect the information from a third party. In this case, a user who is permitted to refer to the information also needs special preparation and procedures for decrypting the code. In addition, since the content of the encrypted information cannot be evaluated, even if necessary information is searched, the encrypted information is not included in the search result, and there is a possibility that an opportunity for effective information utilization is missed.

  As a technique for enabling document sharing while taking security into consideration, techniques described in Patent Document 4 and Patent Document 5 can be cited. In the system described in Patent Document 4, a portion corresponding to confidential information is partially masked instead of preventing the entire document from being read by a third party. Accordingly, it is possible to freely refer to portions other than the portion corresponding to the confidential information, and it is also possible to search for the portion. The apparatus described in Patent Document 5 classifies a document according to confidentiality, and performs encryption according to confidentiality for each divided portion. In the systems and apparatuses described in Patent Literature 4 and Patent Literature 5, which part is to be masked and how to divide a document are determined by a human.

  In addition, application software that performs morphological analysis on natural language sentences has been developed as a tool that can be used to determine confidential information. An example of such application software is “tea bowl” developed at Nara Institute of Science and Technology. A system equipped with this type of application software can perform part-of-speech decomposition using a dictionary. Furthermore, classification of nouns obtained by part-of-speech decomposition can be performed. For example, in Non-Patent Document 1 describing a dictionary of “tea bowl”, nouns are “noun-general”, “noun-proper noun-general”, “noun-proper noun-person name-general”, “noun-proprietary”. "Noun-Person Name-Last Name", "Noun-Proper Noun-Person Name-First Name", "Noun-Proper Noun-Place Name-General", "Noun-Proper Noun-Region-Country Name", "Noun-Suffix-Classifier" And a noun-sa-variant connection (things that can be connected to "become", "can do", "can do", "can do"), etc. " Yes.

JP 2001-266112 A (paragraphs 0007-0009) JP 2002-135351 A (paragraphs 0023-0076, FIG. 3) JP 2003-134167 A (paragraphs 0051-0055) JP-A-8-102758 (paragraphs 0016-0026) JP-A-5-244150 (paragraph 0031) Masayuki Asahara, Yuji Matsumoto, “ipadic version 2.6.3 User's Manual”, “5.1 Nouns (p.17-p.22)”, [online], August 2003, [September 2003 26th search], download from the link setting section of “ipdic manual” on the Internet, “URL: http://chasen.aist-nara.ac.jp/chasen/manual.html.ja”.

  In the system described in Patent Document 1, the confidentiality of data is determined from a keyword detected from data, and whether or not data display and printing are enabled is determined according to the confidentiality. In addition, when the system administrator himself / herself determines whether or not to take protection measures on information, it is general to make a determination considering only the sensitivity of the information. However, when information protection technology is determined based only on confidentiality, information protection technology (for example, encryption) is applied to useful information that should be widely disclosed, and as a result, the disclosure range of the useful information is as a result. There arises a problem that (the range of information referees who can refer to the information) is narrowed and cannot be appropriately disclosed. As a result, there is a high possibility that the opportunity to use useful information is lost, or excessive protection is applied to the useful information, and the usability of the information is impaired.

  Further, it is possible to determine the disclosure range of the information based on keywords or the like included in the information. However, in this case, it is necessary to predetermine the correspondence between the keyword and the disclosure range. In order to appropriately define this correspondence, a lot of knowledge and workload are required for the system administrator. In addition, it takes a great deal of labor to manually audit the extent to which individual information is disclosed to information viewers and what kind of protective measures are taken on individual information. The burden on the system administrator increases. You can also ask an outside expert to audit, but that would be expensive over time. Recently, the frequency of change of the organization constituted by information referers is high, and the change of the organization is also large. For this reason, it is difficult to conduct audits in accordance with organizational changes, review information protection measures, and review the scope of disclosure.

  In recent years, interest in security has increased, and various restrictions have also been placed on the transmission and browsing of information. For example, troublesome procedures such as user authentication and specification of the disclosure range of information have become necessary. Decisions on whether or not to perform these procedures were left to individual humans. Therefore, it is difficult for an organization having a very large number of members or a large company having a complex organization structure to determine an appropriate information disclosure range for the entire organization.

  Further, even a person who should be able to refer to certain information without any problem in secrecy cannot refer to the information unless it corresponds to the protection measures applied to the information. Such inconsistency will not occur if each individual can cope with the protective measures applied to the information, and if the types of the protective measures are appropriately determined for each individual. However, the management burden in such management is large, and as a result, inconsistencies as described above may occur.

  Therefore, an object of the present invention is to prevent loss of useful information utilization opportunities by determining the disclosure range of information based only on the confidentiality of information. It is another object of the present invention to make it easy to confirm to which information reference individual information is disclosed. It is another object of the present invention to make it easy to confirm what information a specific information referer can refer to. It is another object of the present invention to enable early detection of various inconsistencies that may occur when managing each information reference person and each information.

The information management system according to the present invention includes, as data related to each information referrer who wants to refer to information, identification information of the information referrer including the ID or name of the information referrer, positioning of the information referrer in the organization and information Information referrer attribute storage means for storing attribute information of an information referrer including keywords related to the referrer, and confidential information that is a word in which the information corresponds to confidential information by being included in the information A word is stored for each type of confidential information, and a means for storing a useful information word, which is a word indicating that the information can correspond to useful information by being included in the information, is referred to by an information reference person. It is determined that the predetermined information satisfies the standard that the predetermined information is confidential information on the condition that the predetermined information includes a confidential information word. In both cases, the type of confidential information is determined based on the type of confidential information word, and on the condition that the predetermined information includes a useful information word, the criterion that the predetermined information includes a useful information word is used. The content determination means for determining that the information is satisfied, the data related to each information referer stored in the information referrer attribute storage means, and the determination result of the content determination means, and a predetermined condition that satisfies the criterion of confidential information Identify information referers that fall within the organization that can refer to the type of confidential information of the information, and refer to the specified set of information referers without any problem of confidentiality It is determined that it is a disclosureable range that is a set of information referees, and among the keywords related to the information referrer, predetermined information that satisfies the criteria of including useful information words The number of keywords that match or are similar to the useful information words that are present is counted, the information reference whose count result is equal to or greater than a predetermined threshold is specified, and the specified set of information reference is Reference information by comparing at least two ranges of the disclosure possible range and the recommended disclosure range with a range determination unit that determines a disclosure recommended range that is a set of information referees who are recommended to refer to predetermined information Information corresponding to the range to which the information referer belongs, the information referrer belonging only to the disclosure possible range, the information referer belonging to the disclosure possible range and the recommended disclosure range, and the information belonging to only the recommended disclosure range The present invention is characterized by comprising range comparison means for creating correspondence relationship information representing each referrer and range display means for displaying the correspondence relationship information .

Range determining means identifies the information referencer corresponding to positioning in the referable tissue types of sensitive information of a predetermined information that meets the criteria of being confidential information, the identified said information referencer The disclosure range is determined by extracting the identification information, and matches the useful information word included in the predetermined information that satisfies the criteria of including the useful information word among the keywords related to the information referrer. Alternatively, the number of similar keywords is counted, the information reference whose count result is equal to or greater than a predetermined threshold is specified, and the disclosure recommended range is determined by extracting the identification information of the specified information reference It may be configured to.

In addition, the information management system according to the present invention includes, as data relating to each information referrer who wants to refer to information , information referrer identification information including the ID or name of the information referrer, and the position of the information referer in the organization see method adaptable authentication information reference user when information, and the information referring user attribute storage means for storing the attribute information of the information referencer including keywords related to the information the reference person, it is included in the information A word indicating that the information can be classified as useful information by storing the classified information word for each type of confidential information as well as storing the confidential information word, which is the word that the information is classified as confidential information. Means for storing the useful information word, and the predetermined information that may be referred to by the information reference includes a confidential information word. The information is classified as confidential information, and determines the type of confidential information based on the type of confidential information word, provided that the predetermined information includes a useful information word, Content determination means for determining that the predetermined information includes a criterion that a useful information word is included, data on each information referer stored in the information referer attribute storage means, and determination result of the content determination means Based on the above, the information reference person corresponding to the position in the organization that can refer to the type of the confidential information of the predetermined information satisfying the standard of being the confidential information is specified, and the set of the specified information reference users is determined. , It is determined that the predetermined information is a disclosureable range that is a set of information referers who can refer to the predetermined information without any problem of confidentiality, and useful information among keywords related to the information referrer Information that counts the number of keywords that match or are similar to the useful information word included in the predetermined information that meets the criteria for including a keyword, and the count result is equal to or greater than a predetermined threshold. Range determining means for identifying a reference person, and determining the set of the specified information reference person as a recommended disclosure range that is a set of information reference persons to be recommended to refer to the predetermined information; Based on the authentication method applied and the authentication method that can be handled by the information reference person, the information reference person who can correspond to the authentication method applied to the predetermined information is specified, and the specified information reference person A protective treatment effective range determination means that determines a set of information reference persons determined to be able to refer to the predetermined information, and at least the disclosure possible range, Comparing the three ranges of the recommended disclosure range and the protective treatment effective range, it is correspondence information between the information referer and the range to which the information referer belongs, and can be disclosed, the recommended disclosure range, and the protective treatment effective. Information referrer belonging to the scope, information referer belonging only to the disclosure possible scope, information referer belonging only to the recommended disclosure scope, information referer belonging only to the protective action effective scope, disclosure possible scope and protective action valid Information referer who belongs to the scope and does not belong to the recommended disclosure range, Information referer who belongs to the recommended disclosure range and the effective scope of protection measures, and does not belong to the disclosure possible range, and belongs to the disclosure possible range and the recommended disclosure scope, and the protective measures are effective It is characterized by comprising range comparison means for creating correspondence information representing information referers who do not belong to the scope, and range display means for displaying the correspondence information .

Range determining means identifies the information referencer corresponding to positioning in the referable tissue types of sensitive information of a predetermined information that meets the criteria of being confidential information, the identified said information referencer The disclosure range is determined by extracting the identification information, and matches the useful information word included in the predetermined information that satisfies the criteria of including the useful information word among the keywords related to the information referrer. Alternatively, the number of similar keywords is counted, the information reference whose count result is equal to or greater than a predetermined threshold is specified, and the disclosure recommended range is determined by extracting the identification information of the specified information reference and, protective measures effective range judgment means, the authentication method has been applied to the predetermined information, information reference person, based on the adaptable authentication method is applied to the predetermined information That identifies possible information referer corresponds to the authentication process, it may be configured for determining the protective treatment coverage by extracting the identification information of the specified the information viewers.

Range operation means for accepting an operation of moving an information reference person in one range indicated by the correspondence information displayed on the range display means to another range, and the type of authentication method applied in advance to the predetermined information Further, it may be configured to include protection measure changing means for re-determining the type of authentication method that can be handled by an information referer who has performed a movement operation to another range using the range operation means .

The system administrator is instructed to apply the authentication method redefined by the protection action changing means for the predetermined information or to apply the authentication method redefined by the protection action changing means for the predetermined information. It may be configured to include protection measure application means for outputting to the other .

In addition, the information management system according to the present invention includes, as data relating to each information referrer who wants to refer to information , information referrer identification information including the ID or name of the information referrer and the position of the information referrer in the organization. see method adaptable authentication information reference user when information, and the information referring user attribute storage means for storing the attribute information of the information referencer including keywords related to the information the reference person, it is included in the information A word indicating that the information can be classified as useful information by storing the classified information word for each type of confidential information as well as storing the confidential information word, which is the word that the information is classified as confidential information. Means for storing useful information words and information indicating information processing devices and application software used by each information referer for each information referer A condition storage means, such as a storage device, and a criterion that the predetermined information is confidential information on the condition that the predetermined information that may be referred to by an information reference includes a confidential information word. And determining the type of the confidential information based on the type of the confidential information word, and the predetermined information includes the useful information word on the condition that the predetermined information includes the useful information word. It is classified information based on the content determination means that determines that it satisfies the criteria for inclusion, the data related to each information referer stored in the information referrer attribute storage means, and the determination result of the content determination means An information referrer that corresponds to the position within the organization that can refer to the type of confidential information of the predetermined information that satisfies the criteria is specified, and the specified set of information referrers is defined as the predetermined information. Is determined to be a disclosureable range that is a set of information referers that can be referred to without confidentiality problems, and satisfies a criterion that a useful information word is included among keywords related to the information referrer Count the number of keywords that match or are similar to the useful information word included in the information, identify the information reference whose count result is equal to or greater than a predetermined threshold, A range determination means for determining a set as a recommended disclosure range that is a set of information referers who should recommend referring to the predetermined information, an authentication method applied to the predetermined information, and an information referer Based on possible authentication methods, an information referer who can handle the authentication method applied to the predetermined information is specified, and the set of specified information reference users is referred to the predetermined information. A protection treatment effective range determination means for determining as a protection treatment effective range that is a set of information referees determined to be able to perform information processing, and an information processing apparatus and application software corresponding to an authentication method applied to predetermined information Current disclosure range determination means for identifying information referers to be used, and determining the specified set of information referers as a current disclosure range that is a set of information referers who can actually refer to the predetermined information ; A correspondence relationship information between an information reference person and a range to which the information reference person belongs , by comparing at least four ranges of the disclosure possible range, the disclosure recommendation range, the protective treatment effective range, and the current disclosure range. Information referer belonging only to the disclosure possible range, information referer belonging to only the recommended disclosure range, and belonging to the disclosure possible range and the recommended disclosure range, Information referers who do not belong to the current disclosure range, information referers who belong to the disclosure possible range, recommended disclosure range, effective protective action range, and current disclosure range, and belong to the disclosure possible range and the recommended disclosure range, and are protected. Information referers who belong only to either the effective treatment range or the current disclosure range, information referers who do not belong to the disclosure possible range or the recommended disclosure range, and belong to the protective treatment effective range or the current disclosure range, and disclosure An information referer who belongs to the possible range, does not belong to the recommended disclosure range, and belongs to the protective treatment effective range and the current disclosure range, and belongs to the recommended disclosure range, does not belong to the openable disclosure range, and the protective treatment effective range and the current disclosure range. An information referer who belongs to the disclosure disclosure range, does not belong to the recommended disclosure range, and belongs to only one of the effective range of protection measures or the current disclosure range, and belongs to the recommended disclosure range and falls within the disclosure possible range. Belonging Information reference that belongs only to one of the protective treatment effective range and the current disclosure range, and does not belong to the disclosure possible range or the disclosure recommended range, and either the protective treatment effective range or the current disclosure range. And a range display unit for displaying the correspondence information .

Range determining means identifies the information referencer corresponding to positioning in the referable tissue types of sensitive information of a predetermined information that meets the criteria of being confidential information, the identified said information referencer The disclosure range is determined by extracting the identification information, and matches the useful information word included in the predetermined information that satisfies the criteria of including the useful information word among the keywords related to the information referrer. Alternatively, the number of similar keywords is counted, the information reference whose count result is equal to or greater than a predetermined threshold is specified, and the disclosure recommended range is determined by extracting the identification information of the specified information reference and, protective measures effective range judgment means, the authentication method has been applied to the predetermined information, information reference person, based on the adaptable authentication method is applied to the predetermined information That identifies possible information referer corresponding to the authentication method, to determine the protective action scope by extracting the identification information of the specified the information reference person, the current disclosure range determining means is applied to a predetermined information The information disclosure apparatus corresponding to the authentication method and the application software used may be identified, and the current disclosure range may be determined by extracting identification information of the identified information referrer .

Range operation means for accepting an operation of moving an information reference person in one range indicated by the correspondence information displayed on the range display means to another range, and the type of authentication method applied in advance to the predetermined information Further, it may be configured to include protection measure changing means for re-determining the type of authentication method that can be handled by an information referer who has performed a movement operation to another range using the range operation means .

The system administrator is instructed to apply the authentication method redefined by the protection action changing means for the predetermined information or to apply the authentication method redefined by the protection action changing means for the predetermined information. It may be configured to include protection measure application means for outputting to the other .

In addition, the information management system according to the present invention supports the identification information of the information referrer including the ID or name of the information referrer as data related to each information referrer who wants to refer to the information, and the information referer corresponds to the information reference Information referrer attribute storage means for storing attribute information of an information referrer including possible authentication methods, and an apparatus for storing information indicating an information processing device and application software used by each information referer for each information referer The predetermined information is stored on the basis of an equal availability status storage means, an authentication method applied to predetermined information that may be referred to by an information reference, and an authentication method that can be handled by the information reference. An information reference that identifies an information referrer that can be applied to the applied authentication method, and that is determined to be able to refer to the predetermined information for a set of the identified information referrer And determining protective measures effective range determination unit as a protective treatment coverage is a set of identifying information reference who uses the information processing apparatus and the application software corresponding to the authentication method that is applied to predetermined information, identified Current disclosure range determination means for determining the set of information referrers as a current disclosure range that is a set of information referers who can actually refer to the predetermined information ; and at least the protection measure effective range and the current disclosure Information corresponding to the information referer and the range to which the information referer belongs , by comparing the two ranges of the range , and the information referer belonging to the protection measure effective range and the current disclosure range, and the protection measure effective range displays and a range comparator means for creating a correspondence relationship information indicating each one only belong information reference person and the current disclosure range, the correspondence relationship information Characterized in that a range display unit.

Protection treatment effective range judgment means, the authentication method has been applied to the predetermined information, based on information reference person in the adaptable authentication method, capable of supporting authentication method that is applied to the predetermined information The information disclosure person is specified, and the protection measure effective range is determined by extracting the identification information of the specified information reference person, and the current disclosure range determination means is information corresponding to the authentication method applied to the predetermined information The information disclosure person who uses the processing device and the application software is specified, and the current disclosure range may be determined by extracting the identification information of the specified information reference person .

Range operation means for accepting an operation of moving an information reference person in one range indicated by the correspondence information displayed on the range display means to another range, and the type of authentication method applied in advance to the predetermined information Further, it may be configured to include protection measure changing means for re-determining the type of authentication method that can be handled by an information referer who has performed a movement operation to another range using the range operation means .

The system administrator is instructed to apply the authentication method redefined by the protection action changing means for the predetermined information or to apply the authentication method redefined by the protection action changing means for the predetermined information. It may be configured to include protection measure application means for outputting to the other .

In addition, the information management system according to the present invention includes, as data relating to each information referrer who wants to refer to information , information referrer identification information including the ID or name of the information referrer and the position of the information referrer in the organization. And information referer attribute storage means for storing attribute information of the information referrer including an authentication method that the information referer can handle when referring to the information, and the information is classified as confidential information by being included in the information Means for storing the confidential information word for each type of confidential information, and the predetermined information that may be referred to by the information reference includes the confidential information word. predetermined information as well as determined that meets the criteria of being confidential information, and determines content determining means the type of sensitive information based on the type of sensitive information words, information referrer genus And data for each information reference person storage means stores, on the basis of the judgment result of the content determining means, in a referable tissue types of sensitive information of a predetermined information that meets the criteria of being confidential The information referrer corresponding to the positioning is specified, and the specified set of information referrer is determined as a disclosureable range that is a set of information referrers that can refer to the predetermined information without any problem of confidentiality. Based on the range determination means, the authentication method applied to the predetermined information, and the authentication method that can be handled by the information reference person, an information reference person who can correspond to the authentication method applied to the predetermined information identified, a set of the identified said information referrer, the predetermined determining protective treatment effective range determination unit as a protective treatment coverage is a set of information referring who is determined to be able to refer to the information Compares the two ranges of at least the disclosed range and the protective treatment coverage, a corresponding relationship information between the range where the information referencer information reference person belongs, information reference who belong to only disclosed range And range comparison means for creating correspondence information representing information referents belonging to the disclosureable range and the protective treatment effective range, and information referers belonging only to the protective treatment effective range, and the correspondence information is displayed. And a range display means .

Range determining means identifies the information referencer corresponding to positioning in the referable tissue types of sensitive information of a predetermined information that meets the criteria of being confidential information, the identified said information referencer The disclosure possible range is determined by extracting the identification information, and the protective treatment effective range determination means is configured to determine the predetermined range based on an authentication method applied to the predetermined information and an authentication method that can be handled by an information reference person. It may be configured to identify an information referer who can correspond to the authentication method applied to the information, and to determine the effective range of the protection measure by extracting the identification information of the identified information referrer.

Range operation means for accepting an operation of moving an information reference person in one range indicated by the correspondence information displayed on the range display means to another range, and the type of authentication method applied in advance to the predetermined information Further, it may be configured to include protection measure changing means for re-determining the type of authentication method that can be handled by an information referer who has performed a movement operation to another range using the range operation means .

The system administrator is instructed to apply the authentication method redefined by the protection action changing means for the predetermined information or to apply the authentication method redefined by the protection action changing means for the predetermined information. It may be configured to include protection measure application means for outputting to the other .

In addition, the information management system according to the present invention includes, as data relating to each information referrer who wants to refer to information , information referrer identification information including the ID or name of the information referrer, and the position of the information referrer in the organization. And information referer attribute storage means for storing attribute information of the information referrer including an authentication method that the information referer can handle when referring to the information, and the information is classified as confidential information by being included in the information Means for storing confidential information words, which are words to be used, for each type of confidential information, and information storage devices used by each information referer and information indicating application software used for each information referer The predetermined information is classified on the condition that the possibility information storage means and the predetermined information that may be referred to by the information referer include a confidential information word. And data together, for each information referring party and determining content determining means a type of confidential information, the information reference user attribute storage means for storing based on the type of sensitive information word to determine that meets the criteria that is, Based on the determination result of the content determination means, the information referrer that corresponds to the position within the organization that can refer to the type of confidential information of the predetermined information that satisfies the criteria of confidential information is identified and identified Range determination means for determining the set of information referrers as a disclosureable range that is a set of information referers that can refer to the predetermined information without any security problems, and is applied to the predetermined information Based on the authentication method and the authentication method that can be dealt with by the information referer, the information referer who can identify the information referer who can handle the authentication method applied to the predetermined information is identified. Aggregating said and determining protective treatment effective range determination unit as a protective treatment coverage is a set of information referring who is determined to be able to refer to the predetermined information, the authentication method has been applied to the predetermined information The current disclosure range, which is a set of information referers who can actually refer to the set of the specified information referrers by specifying the information referrers who use the corresponding information processing apparatus and application software The present disclosure range determination means for determining the correspondence between the information reference person and the range to which the information reference person belongs is compared with at least three ranges of the disclosure possible range, the protective treatment effective range, and the current disclosure range. Information that belongs only to the disclosure scope and only to one of the disclosure scope, the protection scope, and the current disclosure scope An information referer belonging to, an information referrer belonging to the disclosure possible range, the protective treatment effective range, and the current disclosure range; Range comparison means for creating corresponding relationship information that does not belong to the disclosure possible range and that respectively represents information referers belonging to only one of the protection effective range and the current disclosure range, and a range for displaying the corresponding relationship information And a display means .

Range determining means identifies the information referencer corresponding to positioning in the referable tissue types of sensitive information of a predetermined information that meets the criteria of being confidential information, the identified said information referencer The disclosure possible range is determined by extracting the identification information, and the protective action effective range determination means is configured to determine the predetermined range based on an authentication method applied to the predetermined information and an authentication method that can be handled by an information reference person. identify possible information referer corresponding authentication method that is applied to the information, it determines the protection process scope by extracting the identification information of the specified the information reference person, the current disclosure range determining means, a predetermined By identifying an information referring person who uses an information processing apparatus and application software corresponding to the authentication method applied to the information of the information, and extracting identification information of the specified information referring person It may be configured for determining the scope of disclosure.

Range operation means for accepting an operation of moving an information reference person in one range indicated by the correspondence information displayed on the range display means to another range, and the type of authentication method applied in advance to the predetermined information Further, it may be configured to include protection measure changing means for re-determining the type of authentication method that can be handled by an information referer who has performed a movement operation to another range using the range operation means .

The system administrator is instructed to apply the authentication method redefined by the protection action changing means for the predetermined information or to apply the authentication method redefined by the protection action changing means for the predetermined information. It may be configured to include protection measure application means for outputting to the other .

In addition, the information management system according to the present invention includes, as data relating to each information referrer who wants to refer to information , information referrer identification information including the ID or name of the information referrer, and the position of the information referrer in the organization. Information reference attribute storage means for storing the attribute information of the information reference including information , and a confidential information word that is a word that the information corresponds to confidential information by being included in the information Information storage device for each information reference, information processing device used by each information referrer, device for storing information indicating application software, etc., and possibility of being referred to by information referrer On the condition that certain predetermined information includes a confidential information word, it is determined that the predetermined information satisfies a criterion that it is confidential information, and And determining content determining means the type of sensitive information based on the type of sensitive information word, the data for each information referencer for storing information see user attribute storage means, based on the determination result of the content determining means, confidential information Identifying an information referrer that corresponds to the position within the organization that can refer to the type of confidential information of the predetermined information that satisfies the criteria of being, and identifying the set of the specified information referrer as the predetermined information Uses range determination means for determining the disclosure possible range, which is a set of information referers that can be referred to without confidentiality problems, and an information processing device and application software corresponding to an authentication method applied to predetermined information Current disclosure range, which is a set of information referers who can actually refer to the specified information. A current disclosure range determining means for determining and, a correspondence relationship information of at least the disclosed range and the comparing the two ranges of the current disclosure range, range the information referencer information reference person belongs, Range comparison means for creating correspondence information that respectively represents an information reference belonging to only the disclosure possible range, an information reference belonging to the disclosure possible range and the current disclosure range, and an information reference belonging to only the current disclosure range ; A range display means for displaying the correspondence information is provided.

Range determining means identifies the information referencer corresponding to positioning in the referable tissue types of sensitive information of a predetermined information that meets the criteria of being confidential information, the identified said information referencer The disclosure possible range is determined by extracting the identification information, and the current disclosure range determination means identifies an information referer who uses the information processing apparatus and application software corresponding to the authentication method applied to the predetermined information, The present disclosure range may be determined by extracting the identification information of the identified information reference person .

In addition, the information management system according to the present invention includes, as data relating to each information referrer who wants to refer to information , information referrer identification information including the ID or name of the information referrer and the position of the information referrer in the organization. Information referer attribute storage means for storing the attribute information of the information referrer including a keyword related to the information referrer, and a word that corresponds to the confidential information by being included in the information A means for storing a confidential information word for each type of confidential information, a useful information word that is a word indicating that the information can correspond to useful information by being included in the information, and each information reference person In addition, an information processing device used by each information referrer, a device for storing information indicating application software, etc., a usable status storage means, and an information referrer On the condition that the predetermined information that may be referred to includes a confidential information word, it is determined that the predetermined information satisfies the standard that it is confidential information, and based on the type of the confidential information word Content determination means for determining the type of confidential information and determining that the predetermined information includes a useful information word on condition that the predetermined information includes a useful information word And the type of confidential information of the predetermined information that satisfies the criteria of confidential information based on the data related to each information reference stored in the information reference attribute storage means and the determination result of the content determination means Information that can identify an information reference person who falls within the possible position within the organization, and can refer to the specified set of information reference person without any confidentiality problem. It is determined as a disclosureable range that is a set of readers, and matches a useful information word included in predetermined information that satisfies a criterion that a useful information word is included among keywords related to an information reference or It is recommended to count the number of similar keywords, identify information referrers whose count result is equal to or greater than a predetermined threshold, and refer to the predetermined information for the specified set of information referrers Identifies and identifies the information referrer who uses the information processing device and application software corresponding to the authentication method applied to the predetermined information , the range determination means that determines the disclosure recommended range that is a set of information referees The present disclosure range determination that determines the set of information referees as the present disclosure range that is a set of information referers who can actually refer to the predetermined information. Means, and at least three ranges of the disclosure possible range, the recommended disclosure range, and the current disclosure range, and corresponding information on the relationship between the information reference and the range to which the information reference belongs, and the disclosure possible range Information referers belonging to the disclosure disclosure range and the current disclosure range, information referers belonging only to the disclosure possible range, information referers belonging only to the disclosure recommendation range, information referers belonging only to the current disclosure range, and disclosure An information referer who belongs to the possible scope and the current disclosure scope and does not belong to the recommended disclosure scope, an information reference who belongs to the recommended disclosure scope and the present disclosure scope and does not belong to the disclosed scope, and an openable scope and a recommended disclosure scope The present invention is characterized by comprising range comparison means for creating correspondence information representing information referers who do not belong to the current disclosure range and range display means for displaying the correspondence information .

Range determining means identifies the information referencer corresponding to positioning in the referable tissue types of sensitive information of a predetermined information that meets the criteria of being confidential information, the identified said information referencer The disclosure range is determined by extracting the identification information, and matches the useful information word included in the predetermined information that satisfies the criteria of including the useful information word among the keywords related to the information referrer. Alternatively, the number of similar keywords is counted, the information reference whose count result is equal to or greater than a predetermined threshold is specified, and the disclosure recommended range is determined by extracting the identification information of the specified information reference and, the current disclosure range determining means, especially information reference who uses the information processing apparatus and the application software corresponding to the authentication method that is applied to predetermined information And it may be configured for determining the current disclosure range by extracting the identification information of the specified the information viewers.

In addition, the information management system according to the present invention supports the identification information of the information referrer including the ID or name of the information referrer and the information referer at the time of referring to the information as data related to each information referrer who wants to refer to the information. Information referer attribute storage means for storing possible authentication methods and attribute information of information referrers including keywords related to the information referrer, and the information may correspond to useful information by being included in the information Means for storing a useful information word that is a word indicating that, and the predetermined information is useful information word on the condition that the predetermined information that may be referred to by the information reference includes the useful information word. and has a determining content determining means satisfies the criteria that they contain, and data for each information referencer for storing information see user attribute storage means, determination of content determining means Counting on the basis of the result, among the keywords associated with the information referring person, the number of matching keywords or similar useful information word included in the predetermined information that meet the criteria that they contain useful information words A set of information referees who should recommend that the specified information referrer be referred to the predetermined information by identifying the information referer whose count result is equal to or greater than a predetermined threshold. An authentication method applied to the predetermined information based on a range determination means for determining the recommended disclosure range, an authentication method applied to the predetermined information, and an authentication method that can be handled by an information reference person The information referer who can handle the information is specified, and the set of the specified information referrer is defined as a protection measure effective range which is a set of information referrers determined to be able to refer to the predetermined information. Protective treatment effective range determination means for determining, by comparing the two ranges of at least the disclosure recommended range and the protective treatment coverage, a corresponding relationship information between the range where the information referencer information reference person belongs, Range comparison means for creating correspondence information representing information referers belonging only to the recommended disclosure range, information referers belonging to the recommended disclosure range and the effective protective action range, and information referers belonging to only the effective protective action range And range display means for displaying the correspondence information .

Range determining means, among the keywords associated with the information referring person, counts the number of matching keywords or similar useful information word included in the predetermined information that meet the criteria that they contain useful information words And determining a disclosure recommended range by identifying an information referrer whose count result is equal to or greater than a predetermined threshold, and extracting identification information of the identified information referrer, and a protective measure effective range determining unit Identifies an information referer who can handle the authentication method applied to the predetermined information based on an authentication method applied to the predetermined information and an authentication method that can be handled by the information referer, The protection treatment effective range may be determined by extracting the identified identification information of the information reference person .

Range operation means for accepting an operation of moving an information reference person in one range indicated by the correspondence information displayed on the range display means to another range, and the type of authentication method applied in advance to the predetermined information Further, it may be configured to include protection measure changing means for re-determining the type of authentication method that can be handled by an information referer who has performed a movement operation to another range using the range operation means .

The system administrator is instructed to apply the authentication method redefined by the protection action changing means for the predetermined information or to apply the authentication method redefined by the protection action changing means for the predetermined information. It may be configured to include protection measure application means for outputting to the other .

In addition, the information management system according to the present invention supports the identification information of the information referrer including the ID or name of the information referrer and the information referer at the time of referring to the information as data related to each information referrer who wants to refer to the information. Information referer attribute storage means for storing possible authentication methods and attribute information of the information referrer including keywords related to the information referrer, and the information can correspond to useful information by being included in the information Means for storing useful information words that are words representing information, usable information storage means such as an apparatus for storing information indicating information processing apparatuses and application software used by each information referer for each information referer, and information The predetermined information includes the useful information word on the condition that the predetermined information that may be referred to by the reference includes the useful information word. Keyword and the determining content determining means satisfies the criteria of that, the data for each information referencer for storing information see user attribute storage means, based on the determination result of the content determining means, associated with the information referring person Among them, the number of keywords that match or are similar to the useful information words included in the predetermined information that satisfies the criteria of including useful information words is counted, and the count result is equal to or greater than a predetermined threshold value. A range determination unit that identifies the information referrer who has become, and determines the specified set of information referrer as a disclosure recommended range that is a set of information referrers to be recommended to refer to the predetermined information ; Based on the authentication method applied to the predetermined information and the authentication method that can be handled by the information reference person, the information reference compatible with the authentication method applied to the predetermined information Identify a set of identified the information referrer, and determining protective treatment effective range determination unit as a protective treatment coverage is a set of information referring who is determined to be able to refer to the predetermined information, It is possible to identify an information referrer who uses an information processing apparatus and application software corresponding to an authentication method applied to predetermined information, and to actually refer to the specified information for the specified set of information referrers. A current disclosure range determination unit that determines a current disclosure range that is a set of possible information reference users, and compares at least three ranges of the disclosure recommendation range, the protective action effective range, and the current disclosure range ; Correspondence information with the range to which the information referer belongs, which is an information referrer that belongs only to the recommended disclosure range, and that belongs to only the recommended disclosure range, and has protective measures. Information referers who belong only to one of the effective range and the current disclosure range, information referers who belong to the recommended disclosure range, the effective range of protection measures, and the current disclosure range, and that do not belong to the recommended disclosure range and are effective in the protective measures Range for creating correspondence information that represents information referers that belong to the scope and the current disclosure range, and information referers that do not belong to the recommended disclosure range and belong only to one of the effective protection scope and the current disclosure range Comparing means and range display means for displaying the correspondence information are provided.

Range determining means, among the keywords associated with the information referring person, counts the number of matching keywords or similar useful information word included in the predetermined information that meet the criteria that they contain useful information words And determining a disclosure recommended range by identifying an information referer whose count result is equal to or greater than a predetermined threshold, and extracting identification information of the identified information referer, and a protective treatment effective range determining means Identifies an information referer who can handle the authentication method applied to the predetermined information based on an authentication method applied to the predetermined information and an authentication method that can be handled by the information referer. determining the protective treatment coverage by extracting the identification information of the specified the information reference person, the current disclosure range determining means processing instrumentation corresponding to the authentication method that is applied to predetermined information And identifies the information reference who use application software, it may be configured for determining the current disclosure range by extracting the identification information of the specified the information viewers.

Range operation means for accepting an operation of moving an information reference person in one range indicated by the correspondence information displayed on the range display means to another range, and the type of authentication method applied in advance to the predetermined information Further, it may be configured to include protection measure changing means for re-determining the type of authentication method that can be handled by an information referer who has performed a movement operation to another range using the range operation means .

The system administrator is instructed to apply the authentication method redefined by the protection action changing means for the predetermined information or to apply the authentication method redefined by the protection action changing means for the predetermined information. It may be configured to include protection measure application means for outputting to the other .

In addition, the information management system according to the present invention includes, as data relating to each information referrer who wants to refer to information , information referrer identification information including the ID or name of the information referrer and a keyword related to the information referrer Information referer attribute storage means for storing attribute information of the information reference person, means for storing a useful information word which is a word indicating that the information can correspond to useful information by being included in the information, Useful information storage means such as a device for storing information indicating the information processing device and application software used by each information referer and predetermined information that can be referred to by the information referer are useful for each information referer on condition that it contains information word, and a determining content determining means and the predetermined information satisfies the criteria that they contain useful information words And data for each information referencer for storing information see user attribute storage means, based on the determination result of the content determining means, among the keywords associated with the information reference person, meet the criteria that they contain useful information words The number of keywords that match or are similar to useful information words included in the predetermined information is counted, information referees whose count result is equal to or greater than a predetermined threshold are identified, and the identified information reference A range determination unit that determines a set of users as a recommended disclosure range that is a set of information referees who are recommended to refer to the predetermined information, and information processing corresponding to an authentication method applied to the predetermined information It is possible to identify an information referrer who uses the device and application software, and to actually refer to the specified information for the set of the identified information referrer. A current disclosure range determining means determines as a current disclosure range is a set of information referring's compare two ranges of at least the disclosure recommended range and the current disclosure range, range the information referencer information reference person belongs Information corresponding to the disclosure recommendation range, the information reference belonging to the disclosure recommendation range and the current disclosure range, and the information reference belonging to only the current disclosure range A range comparison unit for creating information and a range display unit for displaying the correspondence information are provided.

Range determining means, among the keywords associated with the information referring person, counts the number of matching keywords or similar useful information word included in the predetermined information that meet the criteria that they contain useful information words Then, the information reference person whose count result is equal to or greater than a predetermined threshold is specified, the recommended disclosure range is determined by extracting the identification information of the specified information reference person, and the current disclosure range determination means is The information disclosure device that uses the information processing apparatus and application software corresponding to the authentication method applied to the predetermined information is identified, and the current disclosure range is determined by extracting the identification information of the identified information referrer It may be configured as follows.

The content determining means assumes that the predetermined information including a word partially matching the confidential information word is confidential information, and determines the assumed confidential information type based on the confidential information word type. The range determination means identifies an information reference corresponding to the position within the organization that can refer to the assumed type of confidential information, and refers to the information set constituting the disclosure possible range for the specified set of information reference It is determined that it is an uncertain set that is a set of information referrers that cannot be said to be an information referrer that constitutes the range that can be surely disclosed, and the range display means includes information that belongs to the uncertain set. It may be configured to display a referrer.

Range determining means, among the keywords associated with the information referring person, counts the number of matching keywords or similar useful information word included in the predetermined information that meet the criteria that they contain useful information words And, the count result is less than a predetermined threshold, but the information referrer is identified with a difference between the count value and the threshold value within a predetermined value, the set of identified information referrer, It may be an information referer that constitutes the recommended disclosure range, but it is determined as an uncertain set that is a set of information referrals that cannot be said to be a reliable information reference, and the range display The means may be configured to display information referrers belonging to the uncertain set .

The range display means includes individual means to which each information referer classified in the correspondence information belongs , and includes designation means for designating the individual ranges , and the range display means is a range designated by the designation means. The information referer belonging to may be displayed based on the correspondence information.

It may be configured to include range operation means for accepting an operation of moving an information reference person in one range indicated by the correspondence relationship information displayed on the range display means to another range .

Information arrangement means for storing predetermined information in a storage area for which an access method is determined in advance may be provided.

In addition, the information management system according to the present invention includes, as data relating to each information referrer who wants to refer to information , information referrer identification information including the ID or name of the information referrer and the position of the information referrer in the organization. Information referer attribute storage means for storing the attribute information of the information referrer including a keyword related to the information referrer, and a word that corresponds to the confidential information by being included in the information Means for storing a confidential information word for each type of confidential information, storing a useful information word that is included in the information and indicating that the information can correspond to useful information, and a predetermined storage area for each information stored in, on condition that the information contains confidential information words, if the information meets the criteria of being confidential determine And determining the type of confidential information based on the type of confidential information word and satisfying the criteria that the information includes a useful information word on the condition that the information includes a useful information word Content determination means to be determined, data related to each information referer stored in the information referrer attribute storage means, and a predetermined information referer positioning in the organization based on the determination result of the content determination means , Identify the information corresponding to the type of confidential information that can be referred to by the information referrer corresponding to the positioning, and refer to the specified set of information without any problem of confidentiality. A keyword related to the predetermined information referrer is determined for each piece of information that satisfies the criterion of including a useful information word. Among them, the number of keywords that match or are similar to the useful information word included in the information is counted, the information whose count result is equal to or greater than a predetermined threshold is specified, and the set of the specified information is determined. A range determination means for determining a reference recommended range that is a set of information determined to be useful for the predetermined information reference person, and comparing at least two ranges of the referenceable range and the reference recommended range; Correspondence information between the information and the range to which the information belongs, corresponding to information that belongs only to the referable range, information that belongs to the referable range and the recommended reference range, and information that belongs only to the recommended reference range It is characterized by comprising range comparison means for creating relationship information and range display means for displaying the correspondence information .

In addition, the information management system according to the present invention includes, as data relating to each information referrer who wants to refer to information , information referrer identification information including the ID or name of the information referrer and the position of the information referrer in the organization. Information referer attribute storage means for storing the attribute information of the information referrer including a keyword related to the information referrer, and a word that corresponds to the confidential information by being included in the information A means for storing a confidential information word for each type of confidential information, a useful information word that is a word indicating that the information can correspond to useful information by being included in the information, and each information reference person to the information processing apparatus and a device such as a usability status storage means for storing information indicating the application software each information reference's use, predetermined storage Be stored in the band, for each information attribute information indicating an authentication method that is applied is added, on condition that the information contains confidential information words, the criterion that the information is confidential Criteria that the information includes a useful information word on the condition that the information includes a useful information word, and determines that the type of the confidential information is determined based on the type of the confidential information word. Content determination means for determining that the information is satisfied, data related to each information reference stored in the information reference attribute storage means, and the determination result of the content determination means based on the predetermined information reference Refers to the position within the organization, specifies information corresponding to the type of confidential information that can be referred to by the information reference person corresponding to the position, and sets the specified set of information to the predetermined information The predetermined information referrer is determined for each piece of information that satisfies the criteria of including a useful information word, and is determined to be a referenceable range that is a set of information that can be referred to by a report referer without any problem of confidentiality. The number of keywords that match or similar to the useful information word included in the information among the keywords related to is counted, the information whose count result is equal to or greater than a predetermined threshold is specified, and the specified Range determining means for determining a set of information as a recommended reference range that is a set of information determined to be useful for the predetermined information referer, an information processing apparatus and application software used by the predetermined information referer It is possible to identify information to which an authentication method supported by is applied, and the predetermined information referer can actually refer to the specified set of information. Information and the information by comparing at least three ranges of the referenceable range, the reference recommended range, and the current referenceable range with the current referenceable range determination means for determining the current referenceable range that is a set of information that can be obtained Information corresponding to the range to which the reference belongs, information that belongs to the referenceable range, reference recommended range, and current referenceable range, information that belongs only to the referenceable range, information that belongs only to the reference recommended range, and the current reference Information that belongs only to the possible range, information that belongs to the referenceable range and the current referenceable range, does not belong to the recommended reference range, information that belongs to the recommended reference range and the current referenceable range and does not belong to the referenceable range, and can be referred to includes a range comparing means for creating a correspondence relationship information indicating the range between the reference recommended range and to belong to the information that does not belong to the current reference range, respectively, and a range display means for displaying the correspondence relationship information It is characterized in.

In addition, the information management system according to the present invention includes, as data relating to each information referrer who wants to refer to information , information referrer identification information including the ID or name of the information referrer and the position of the information referrer in the organization. see method adaptable authentication information reference user when information, and the information referring user attribute storage means for storing the attribute information of the information referencer including keywords related to the information the reference person, it is included in the information A word indicating that the information can be classified as useful information by storing the classified information word for each type of confidential information as well as storing the confidential information word, which is the word that the information is classified as confidential information. Means for storing useful information words and information indicating information processing devices and application software used by each information referer for each information referer And憶an apparatus such as available status storage means, have been stored in a predetermined storage area, for each information attribute information indicating an authentication method that is applied is added, that the information contains confidential information words On the condition that the information satisfies the criteria that the information is confidential information, and the type of confidential information is determined based on the type of confidential information word, and the information includes a useful information word Content determining means for determining that the information includes a useful information word, data relating to each information referer stored in the information referer attribute storage means, and determination result of the content determining means; information which refers to the positioning in the tissue of the predetermined information reference who predetermined information referencer corresponding to the positioning corresponds to the reference possible types of sensitive information based on It is determined that the specified set of information is a referenceable range that is a set of information that can be referred to by the predetermined information reference person without any problem of confidentiality, and includes a useful information word. For each piece of information that satisfies the criteria, the number of keywords that match or are similar to the useful information word included in the information among the keywords related to the predetermined information referer is counted, and the count result is predetermined. Range determination means for identifying information that is equal to or greater than a threshold value, and determining the specified set of information as a recommended reference range that is a set of information determined to be useful for the predetermined information reference person ; A set of the specified information by identifying information to which an authentication method supported by an information processing apparatus and application software used by the predetermined information referer is applied Refer to a current referable range determination unit that determines a current referenceable range that is a set of information that can be actually referred to by the predetermined information referer, and an authentication method that can be handled by the predetermined information referer Then, the information to which the authentication method is applied is specified, and the set of the specified information is a protection measure effective that is a set of information to which the authentication method to which the predetermined information referer is applicable is applied. protective treatment effective range determining means for determining a range, at least the reference range, the reference recommended range, the by comparing the four ranges of the current reference range and said protective treatment scope, range information and the information belongs Information that belongs only to the referenceable range, information that belongs only to the recommended reference range, and that belongs to the referenceable range and the recommended reference range, and is in the current referenceable range and the protective action effective range. Information that does not belong, information that belongs to the referenceable range, recommended reference range, current referenceable range, and protective action effective range, and that belongs to the referenceable range and recommended reference range, and that are within the current referenceable range and protective action effective range. Information that belongs to only one of them, does not belong to the referenceable range and the recommended reference range, and belongs to the current referenceable range and the protective action effective range, belongs to the referenceable range, does not belong to the recommended reference range, In addition, information belonging to the current referenceable range and the protective action effective range, information belonging to the recommended reference range, not belonging to the referenceable range, and belonging to the current referenceable range and protective action effective range, and the reference belonging to the referenceable range Information that does not belong to the recommended range and belongs to only one of the current referenceable range and effective protection range, and that belongs to the recommended recommended range and does not belong to the referenceable range, and that currently belongs and can be protected Correspondences that respectively represent information that belongs to only one of the effective ranges, and information that does not belong to the referenceable range or the recommended reference range, and that belongs to only one of the current referenceable range and the protective action effective range A range comparison unit for creating information and a range display unit for displaying the correspondence information are provided.

In addition, the information management system according to the present invention supports the identification information of the information referrer including the ID or name of the information referrer as data related to each information referrer who wants to refer to the information, and the information referer corresponds to the information reference Information referrer attribute storage means for storing attribute information of an information referrer including possible authentication methods, and an apparatus for storing information indicating an information processing device and application software used by each information referer for each information referer Information used by a predetermined predetermined information reference person from each information that is stored in a predetermined storage area and attribute information indicating an applied authentication method is added. The information to which the authentication method supported by the processing device and the application software is applied is specified, and the specified set of information is set as the predetermined information. A current referable range determination unit that determines a current referable range that is a set of information that can be referred to by a viewer, and an authentication method that can be handled by the predetermined information referer. Protective action that identifies applied information and determines the specified set of information as a protective action effective range that is a set of information to which an authentication method that can be handled by the predetermined information reference person is applied an effective range determination means compares the two ranges of at least the protective treatment coverage and the current reference range, a corresponding relationship information between the range information and the information belongs, protective measures the current reference range tables and information belonging to the scope, the scope comparing means for creating a correspondence relationship information indicating each one only belong information and the protective treatment scope as current reference range, the correspondence relationship information Characterized in that a range display unit that.

In addition, the information management system according to the present invention includes, as data relating to each information referrer who wants to refer to information , information referrer identification information including the ID or name of the information referrer and the position of the information referrer in the organization. Information reference attribute storage means for storing the attribute information of the information reference including the information reference, and the confidential information word that is the word that the information corresponds to the confidential information by being included in the information means for storing for each, for each information referrer, and an information processing apparatus and a device such as a usability status storage means for storing information indicating the application software each information reference's use, be stored in a predetermined storage area , for each information attribute information indicating an authentication method that is applied is added, on condition that the information contains confidential information words, said information confidential Thereby determined that meets the criteria of being broadcast, and determines content determining means the type of sensitive information based on the type of sensitive information word, the data for each information referencer for storing information see User attribute storage means , Based on the determination result of the content determination means, refer to the predetermined position of the information reference in the organization, and corresponds to the type of confidential information that can be referred to by the information reference corresponding to the position identifying information, a set of the identified said information, said predetermined information reference person and reference range and determining range determining means is a set of information that can be referred without any problems on the confidentiality of the predetermined The information processing apparatus used by the information referer and the information to which the authentication method supported by the application software is applied are specified, and the specified set of information is set as the specified information. And the current reference range determining means for determining a current reference range, which is a collection of information that may be information referring person actually refer to the, to compare two ranges of at least the reference range and said current reference range Information corresponding to the range to which the information belongs, information belonging only to the referenceable range, information belonging to the referenceable range and the current referenceable range, information belonging to only the current referenceable range, Is provided with range comparison means for creating correspondence relationship information representing each of the above and range display means for displaying the correspondence relationship information .

In addition, the information management system according to the present invention includes, as data relating to each information referrer who wants to refer to information , information referrer identification information including the ID or name of the information referrer and the position of the information referrer in the organization. And information referer attribute storage means for storing attribute information of the information referrer including an authentication method that the information referer can handle when referring to the information, and the information is classified as confidential information by being included in the information Means for storing confidential information words, which are words to be used, for each type of confidential information, and information storage devices used by each information referer and information indicating application software used for each information referer and possible status storage means, have been stored in a predetermined storage area, for each information attribute information indicating an authentication method that is applied is added, information machine It on condition containing information word, together with the information is determined to meet the criteria of being confidential information, and determines content determining means the type of sensitive information based on the type of sensitive information word, the information Based on the data related to each information referer stored in the referrer attribute storage means and the determination result of the content determination means , the positioning in the organization of a predetermined predetermined information referrer is referred to, and it corresponds to the positioning The information corresponding to the kind of confidential information that can be referred to by the information referer is identified, and the specified set of information is a set of information that can be referred to by the predetermined information referer without any problem of confidentiality. a range determining means for determining that there is the reference range, the authentication method information processing apparatus and the application software the predetermined information reference's use is compatible is applied Identifying information are a set of identified the information, and the current reference range determining means for determining a current reference range that is a collection of the information prescribed information reference person can actually refer to the predetermined Authentication method that can be supported by the information reference person, the information to which the authentication method is applied is specified, and the specified set of information is supported by the predetermined information reference person A protective treatment effective range determination means for determining a protective treatment effective range which is a set of information to which is applied , and at least three ranges of the referenceable range, the current referenceable range and the protective treatment effective range are compared, Information corresponding to information and the range to which the information belongs, information that belongs only to the referenceable range, and that belongs to the referenceable range, and that is only in one of the current referenceable range and the protective action effective range Information belonging to the information that belongs, the information that can be referred to, the current referenceable range, and the effective range of protection measures, the information that does not belong to the referenceable range, and that belongs to the current referenceable range and effective range of the protective measures, and the referenceable range A range comparison unit that creates correspondence information that does not belong to the current referenceable range and information that belongs to only one of the protective action effective range, and a range display unit that displays the correspondence information. It is characterized by that.

In addition, the information management system according to the present invention includes, as data relating to each information referrer who wants to refer to information , information referrer identification information including the ID or name of the information referrer and the position of the information referrer in the organization. And information referer attribute storage means for storing attribute information of the information referrer including an authentication method that the information referer can handle when referring to the information, and the information is classified as confidential information by being included in the information means for storing confidential information word for each type of sensitive information is to become a word that, be stored in a predetermined storage area, for each information attribute information indicating an authentication method that is applied is added , On the condition that the information contains a confidential information word, it is determined that the information satisfies the criteria that it is confidential information, and based on the type of confidential information word And determining content determining means the type of sensitive information, and the data relating to each information referencer for storing information see user attribute storage means, based on the determination result of the content determining means, the predetermined information referencer predetermined Refers to the position within the organization, identifies information corresponding to the type of confidential information that can be referred to by the information referrer corresponding to the position, and keeps the specified set of information confidential by the predetermined information referrer Information for which the authentication method is applied with reference to a range determination unit that determines a referenceable range that is a set of information that can be referred to without any problem, and an authentication method that can be handled by the predetermined information reference person identify a set of specified the information to determine protection process scope determined set a protecting treatment scope of information that the authentication method prescribed information reference person is can cope is applied And stage, at least the reference range and comparing the two ranges of the protective treatment coverage, a corresponding relationship information between the range information and the information belongs, and information belonging only to the reference range, visible A range comparison unit that creates correspondence information representing information belonging to the range and the protection treatment effective range; and information that belongs only to the protection treatment effective range; and a range display unit that displays the correspondence information It is characterized by.

In addition, the information management system according to the present invention includes, as data relating to each information referrer who wants to refer to information , information referrer identification information including the ID or name of the information referrer and the position of the information referrer in the organization. see method adaptable authentication information reference user when information, and the information referring user attribute storage means for storing the attribute information of the information referencer including keywords related to the information the reference person, it is included in the information A word indicating that the information can be classified as useful information by storing the classified information word for each type of confidential information as well as storing the confidential information word, which is the word that the information is classified as confidential information. means for storing the useful information words is, be stored in a predetermined storage area, for each information attribute information indicating an authentication method that is applied is added , On the condition that the information includes a confidential information word, it is determined that the information satisfies the criterion that the information is confidential information, and the type of the confidential information is determined based on the type of the confidential information word. Content judging means for determining that the information contains a useful information word on the condition that the information contains a useful information word, and each information referer stored in the information referer attribute storage means The type of confidential information that can be referred to by the information referrer corresponding to the positioning by referring to the position of the predetermined information referer in the organization based on the data on the data and the determination result of the content determination means And the determined set of information is determined to be a referenceable range that is a set of information that can be referred to by the predetermined information reference person without any problem of confidentiality. For each piece of information that satisfies the criteria of including useful information words, the number of keywords that match or are similar to the useful information words included in the information among the keywords related to the predetermined information referer is counted. And specifying the information whose count result is equal to or greater than a predetermined threshold, and referencing the specified set of information as a set of information determined to be useful for the predetermined information referrer A range determination unit that determines a range and an authentication method that can be handled by the predetermined information referer are specified, information to which the authentication method is applied is specified, and the specified set of information is set as the predetermined information. Protective treatment effective range determination means for determining a protective treatment effective range that is a set of information to which an authentication method that can be handled by a reference person is applied ; at least the referenceable range, the reference Comparison information of information and the range to which the information belongs by comparing the three ranges of the recommended reference range and the effective range of the protective measure, and information belonging to the referenceable range, the recommended reference range, and the effective range of the protective measure Information that belongs only to the referenceable range, information that belongs only to the recommended reference range, information that belongs only to the protective treatment effective range, information that belongs to the referenceable range and the protective treatment effective range, and does not belong to the recommended reference range, Range comparison that creates correspondence information that represents information that belongs to the recommended reference range and effective protective action range and does not belong to the referenceable range, and information that belongs to the referenceable range and recommended reference range and does not belong to the protective action effective range. Means, and range display means for displaying the correspondence information .

In addition, the information management system according to the present invention includes, as data relating to each information referrer who wants to refer to information , information referrer identification information including the ID or name of the information referrer and a keyword related to the information referrer. Information referer attribute storage means for storing attribute information of the information reference person, means for storing a useful information word which is a word indicating that the information can correspond to useful information by being included in the information, For each information referrer, an information processing device used by each information referer and an apparatus for storing information indicating application software and the like, and an authentication method that is stored in a predetermined storage area and applied for each information added attribute information indicating, on condition that the information contains useful information words, said information contains useful information words And a determining content determining means satisfies the criteria of there, the data for each information referencer for storing information see user attribute storage means, based on the determination result of the content determining means includes useful information words For each piece of information that satisfies the above criteria, the number of keywords that match or are similar to the useful information word included in the information among the keywords related to the predetermined predetermined information referer is counted. A range in which information that is equal to or greater than a predetermined threshold is specified, and the specified set of information is determined as a recommended reference range that is a set of information that is determined to be useful for the predetermined information reference person and determining means, an information processing apparatus and the application software the predetermined information reference's use authentication method corresponds is applied JP And, a set of identified the information, and the predetermined information reference person actually referenced current reference range determining means for determining a current reference range, which is a collection of information that may be, at least the reference recommended range and The two ranges of the current referenceable range are compared, and correspondence information between the information and the range to which the information belongs, and belongs to only the recommended reference range, the recommended reference range, and the current referenceable range It is characterized by comprising range comparison means for creating correspondence information representing information and information belonging only to the current referenceable range, and range display means for displaying the correspondence information .

In addition, the information management system according to the present invention supports the identification information of the information referrer including the ID or name of the information referrer as data related to each information referrer who wants to refer to the information, and the information referer corresponds to the information reference Information referer attribute storage means for storing possible authentication methods and attribute information of the information referrer including keywords related to the information referrer, and the information can correspond to useful information by being included in the information Means for storing a useful information word that is a word that represents information, an information storage device used by each information referrer and a device for storing information indicating application software, etc. have been in the storage area storing, for each information attribute information indicating an authentication method that is applied is added, information useful information word including On condition Dale, and a determining content determining means satisfies the criterion that the information contains useful information word, the data for each information referencer for storing information see user attribute storage means, content determination The useful information contained in the information among the keywords related to the predetermined predetermined information referer for each piece of information satisfying the criterion that the useful information word is included based on the determination result of the means The number of keywords that match or are similar to a word is counted, information whose count result is equal to or greater than a predetermined threshold is specified, and the specified set of information is useful for the predetermined information reference person information processing apparatus and application software and determining range determining means and the reference recommended range is a set of information to be determined, the predetermined information reference's use and The current referenceable range, which is a set of information that identifies the information to which the authentication method supported by the service is applied, and that the specified information reference can actually refer to the specified set of information The current referenceable range determination means for determining the information and the authentication method that can be handled by the predetermined information referer are specified, the information to which the authentication method is applied is specified, and the specified set of information is set to the predetermined information A protection treatment effective range determination means for determining a protection treatment effective range that is a set of information to which an authentication method that can be handled by the information reference person is applied , at least the recommended reference range, the current referenceable range, and the Comparing the three ranges of the protective treatment effective range, the corresponding information of the information and the range to which the information belongs, the information belonging to only the reference recommended range, the reference recommended range, and the currently referable range And information belonging to only one of the effective range of protection measures, information that belongs to the recommended reference range, the current referenceable range, and the effective range of protective treatment, and that do not belong to the recommended recommended range, and that can be referred to, and the protective action Range comparison means for creating correspondence information representing information belonging to the effective range and information not belonging to the recommended reference range and belonging to only one of the current referenceable range and the protective action effective range, and the correspondence A range display means for displaying the relationship information is provided.

In addition, the information management system according to the present invention supports the identification information of the information referrer including the ID or name of the information referrer as data related to each information referrer who wants to refer to the information, and the information referer corresponds to the information reference Information referer attribute storage means for storing possible authentication methods and attribute information of the information referrer including keywords related to the information referrer, and the information can correspond to useful information by being included in the information Means for storing a useful information word that is a word indicating that, and for each piece of information that is stored in a predetermined storage area and has attribute information indicating an applied authentication method added , the information is a useful information word. comprise it have the condition, and determining content determining means and the information meets the criteria that they contain useful information word, the information reference user attribute storage means serial Keyword and data for each information viewers, based on the determination result of the content determining unit, for each information that meet the criteria that they contain useful information word, associated with a given information referencer predetermined to Among them, the number of keywords that match or are similar to the useful information word included in the information is counted, the information whose count result is equal to or greater than a predetermined threshold is specified, and the set of the specified information is determined. A range determination unit that determines a recommended reference range that is a set of information that is determined to be useful for the predetermined information referer, and an authentication method that can be handled by the predetermined information referer. A protection measure that identifies information to which the authentication method is applied, and is a set of information to which an authentication method to which the predetermined information referrer is applicable is applied to the specified set of information And determining protective measures effective range determination means and effective range, by comparing the two ranges of at least the reference recommended range and the protective treatment coverage, a corresponding relationship information between the range information and the information belongs, see A range comparison means for creating correspondence information representing information belonging to only the recommended range, information belonging to the recommended reference range and the protective action effective range, and information belonging only to the protective action effective range ;
A range display means for displaying the correspondence information is provided.

The content determination means assumes that information including a word partially matching the confidential information word is confidential information, determines the type of the assumed confidential information based on the type of the confidential information word, and ranges. The determination unit refers to the position of the predetermined information reference in the organization, and when the assumed confidential information type is information of a type that can be referred to by the information reference corresponding to the positioning, The set of information that is assumed to be confidential information may be information that constitutes a referenceable range, but is an uncertain set that is a set of information that cannot be said to be information that reliably constitutes a referenceable range. The range display means may determine and display information belonging to the uncertain set .

Range determination means, for each information that meet the criteria that they contain useful information words, among the keywords associated with a given information reference person, identical or similar useful information word included in the information keywords The count result is less than a predetermined threshold value, but the information in which the difference between the count value and the threshold value is within a predetermined value is specified, and the specified set of information is there is a possibility that the information constituting the reference recommended range, it is determined that the uncertainty set is a set of information not be said to be information constituting reliably reference recommended range, range display means is uncertain set It may be configured to display information belonging to .

The range display means displays individual ranges to which each piece of information classified in the correspondence information belongs , and includes designation means for designating the individual ranges . The range display means belongs to the range designated by the designation means. Information may be configured to be displayed based on the correspondence information.

It may be configured to include range operation means for accepting an operation of moving the information of one range indicated by the correspondence relationship information displayed on the range display means to another range .

It is configured to include an arrangement changing unit that changes a storage area in which information is stored in response to an operation of moving one range of information indicated by the correspondence relationship information displayed on the range display unit to another range. Also good.

In addition, the information management program according to the present invention provides the information related to each information referrer who wants to refer to the information , the information referrer identification information including the ID or name of the information referrer, and the position of the information referrer in the organization Information referer attribute storage means for storing the attribute information of the information referrer including a keyword related to the information referrer, and a word that corresponds to the confidential information by being included in the information A computer having a secret information word for each type of confidential information and a means for storing a useful information word, which is a word indicating that the information can correspond to useful information by being included in the information , on condition that the predetermined information that may be referenced in the information referencer contains confidential information word, the predetermined information have to be confidential It is determined that the standard information is satisfied, the type of confidential information is determined based on the type of confidential information word, and the predetermined information is useful information on the condition that the predetermined information includes a useful information word. Based on the process for determining that the word is included and the information reference person attribute storage means stores the data related to each information referer and the determination result of the process, the criterion is confidential information. Identifying information referers who are within the organization who can refer to the type of confidential information of the predetermined information that satisfies the specified information, and the problem of maintaining confidentiality of the specified information Judgment is made as a disclosureable range that is a set of information referrers that can be referred to without fail, and satisfies the criteria of including useful information words among keywords related to the information referrers The number of keywords that match or are similar to useful information words included in the predetermined information is counted, information referees whose count result is equal to or greater than a predetermined threshold value are identified, and the identified information reference a set of users, the predetermined information is a set of information referring who shall recommended to refer disclosed recommended range and process of determining, by comparing the two ranges of at least the disclosed range and the disclosure recommended range Correspondence information between the information referer and the range to which the information referer belongs, the information referer belonging only to the disclosing range, the information referer belonging to the disclosing possible range and the recommended disclosure range, and the recommended disclosure range Processing for creating correspondence information respectively representing information referers belonging only to , and
A process of displaying the correspondence information is executed.

In addition, the information management program according to the present invention provides the information related to each information referrer who wants to refer to the information , the information referrer identification information including the ID or name of the information referrer, and the position of the information referrer in the organization see method adaptable authentication information reference user when information, and the information referring user attribute storage means for storing the attribute information of the information referencer including keywords related to the information the reference person, it is included in the information A word indicating that the information can be classified as useful information by storing the classified information word for each type of confidential information as well as storing the confidential information word, which is the word that the information is classified as confidential information. a computer and means for storing the useful information words is, predetermined information that may be referenced contains confidential information words in the information referencer On the condition that the predetermined information satisfies the criterion that it is confidential information, and determines the type of confidential information based on the type of confidential information word, the predetermined information is a useful information word A process for determining that the predetermined information satisfies a criterion that the predetermined information includes a useful information word, on condition that the information is included, data relating to each information reference stored in the information reference attribute storage means, and the process Based on the determination result, the information reference person corresponding to the position in the organization that can refer to the type of the confidential information of the predetermined information that satisfies the criterion of confidential information is identified, and the identified information reference A set of information is determined to be a disclosureable range that is a set of information referers who can refer to the predetermined information without any problem of confidentiality, and among keywords related to the information referrer The number of keywords that match or are similar to the useful information word included in the predetermined information that meets the criteria for including useful information words is counted, and the count result is equal to or greater than a predetermined threshold. A process for identifying information referrers and determining the set of identified information referers as a recommended disclosure range that is a set of information referers who should recommend referencing the predetermined information, and is applied to the predetermined information A set of information referers identified by identifying information referers who can handle the authentication method applied to the predetermined information, based on the authentication methods that can be handled by the information referers the said predetermined information can be referred to as the process of determining as a protective treatment coverage is a set of information referring person is determined, at least the disclosed range, the disclosure recommended range and Comparing the three ranges of the protective action effective range, the corresponding information of the information referer and the range to which the information reference belongs, and the information belonging to the disclosure possible range, the recommended disclosure range, and the protective treatment effective range References, information referers who belong only to the disclosure scope, information referers who belong only to the recommended disclosure scope, information referers who belong only to the protection scope, and disclosures belonging to the disclosure scope and protection scope Information referrer that does not belong to the recommended range, information referer that belongs to the recommended disclosure range and the protective action effective range, and does not belong to the openable range, and information that belongs to the openable range and the recommended open disclosure range and does not belong to the protective action effective range It is characterized in that processing for creating correspondence information representing each of the referers and processing for displaying the correspondence information are executed.

In addition, the information management program according to the present invention includes, as data related to each information referrer who wants to refer to the information , information referrer identification information including the ID or name of the information referrer and the position of the information referrer in the organization. see method adaptable authentication information reference user when information, and the information referring user attribute storage means for storing the attribute information of the information referencer including keywords related to the information the reference person, it is included in the information A word indicating that the information can be classified as useful information by storing the classified information word for each type of confidential information as well as storing the confidential information word, which is the word that the information is classified as confidential information. Means for storing useful information words and information indicating information processing devices and application software used by each information referer for each information referer A computer with a device such as a store enable status storage means, on condition that the predetermined information that may be referenced in the information referencer contains confidential information word, the predetermined information is classified information The predetermined information is determined on the condition that the predetermined information includes a useful information word, and the type of the confidential information is determined based on the type of the confidential information word. Is classified information based on the process of determining that the information contains a useful information word, the data related to each information referer stored in the information referrer attribute storage means, and the determination result of the process Identifying information referers that fall within the organization that can refer to the type of confidential information of the prescribed information that meets the criteria Judgment is made as a disclosureable range that is a set of information referers who can refer to given information without any confidentiality problems, and satisfies the criteria of including useful information words among keywords related to the information referrers. The number of keywords matching or similar to the useful information word included in the predetermined information is counted, the information reference whose count result is equal to or greater than a predetermined threshold is identified, and the identified information A process for determining a set of referrals as a recommended disclosure range that is a set of information referrals that should be recommended to refer to the predetermined information, an authentication method applied to the predetermined information, and an information reference correspond Based on possible authentication methods, an information referer who can handle the authentication method applied to the predetermined information is specified, and the set of specified information reference users is referred to the predetermined information. A process for determining as a protection action effective range that is a set of information referees determined to be able to perform information processing, an information referrer using an information processing apparatus and application software corresponding to an authentication method applied to predetermined information A process of determining and identifying the specified set of information referrers as a current disclosure range that is a set of information referers who can actually refer to the predetermined information , at least the disclosure possible range, and the disclosure recommended range , Comparing the four ranges of the protective treatment effective range and the current disclosure range, the correspondence information of the information reference person and the range to which the information reference belongs, and the information reference person belonging only to the disclosure possible range An information referer who belongs only to the recommended disclosure range, and an information referer who belongs to the disclosure possible range and the recommended disclosure range and does not belong to the effective range of protection measures and the current disclosure range. An information referer that belongs to the disclosure possible range, the recommended disclosure range, the protective treatment effective range, and the current disclosure range, and that belongs to the disclosure possible range and the recommended disclosure range, and only to either the protective treatment effective range or the current disclosure range. Information referrer belonging to, not belonging to the disclosure possible range and recommended disclosure range, and the information referer belonging to the effective range of protection measures and the current disclosure range, belonging to the disclosure possible range and not belonging to the recommended disclosure range, and Information referer belonging to the scope of effective protection and the current disclosure range, information referer belonging to the recommended disclosure range and not belonging to the disclosure possible range, and information referer belonging to the protection treatment effective range and the current disclosure range, and belonging to the disclosure possible range Information referer that does not belong to the recommended range and belongs only to one of the effective range of protection measures or the current disclosure range, and belongs to the recommended disclosure range and does not belong to the disclosure range, and the effective range of protection measures and the current disclosure range Correspondence relationships that respectively represent information referers that belong only to one of them, and information referers that do not belong to the disclosure possible range or the recommended disclosure range, and belong to only one of the effective protection range and the current disclosure range A process for creating information and a process for displaying the correspondence information are executed.

In addition, the information management program according to the present invention corresponds to the identification information of the information referrer including the ID or name of the information referrer and the information referer at the time of referring to the information as data regarding each information referrer who wants to refer to the information. Information referrer attribute storage means for storing attribute information of an information referrer including possible authentication methods, and an apparatus for storing information indicating an information processing device and application software used by each information referer for each information referer Based on the authentication method applied to the predetermined information that may be referred to by the information referrer and the authentication method that can be handled by the information referer, It is possible to identify an information referer who can handle the authentication method applied to the predetermined information, and to refer to the predetermined information for a set of the identified information referrer. Determining processing as a protective treatment coverage is a set of information referring who is determined to that, to identify the information reference who uses the information processing apparatus and the application software corresponding to the authentication method that is applied to predetermined information, A process of determining the specified set of information referring users as a current disclosure range that is a set of information referring users who can actually refer to the predetermined information , and at least two of the protection action effective range and the current disclosure range Information corresponding to the information referer and the range to which the information referer belongs, the information referer belonging to the protection measure effective range and the current disclosure range, the protection measure effective range and the current disclosure processing for creating a correspondence relationship information indicating a range of only one of the belonging information referring person and respectively, and to execute processing of displaying the correspondence relationship information And wherein the door.

In addition, the information management program according to the present invention provides the information related to each information referrer who wants to refer to the information , the information referrer identification information including the ID or name of the information referrer, and the position of the information referrer in the organization And information referer attribute storage means for storing attribute information of the information referrer including an authentication method that the information referer can handle when referring to the information, and the information is classified as confidential information by being included in the information The computer having the means for storing the confidential information word for each type of confidential information includes the confidential information word that may be referred to by the information reference person. the condition, together with the predetermined information is determined to meet the criteria of being confidential information, the processing determines the type of sensitive information based on the type of sensitive information words And data for each information referencer for storing information see user attribute storage means, based on a determination result of said processing, referable tissue types of sensitive information of a predetermined information that meets the criteria of being confidential Disclosure scope that is a set of information referrers that can identify information referers corresponding to their positioning within the group, and can refer to the specified set of information referrers without any security problems determining processing, the authentication method has been applied to the predetermined information, based on information reference person in the compatible authentication methods, a possible information reference Accessible to apply authentication methods on the predetermined information identified, determining processing, at least the disclosed set of identified the information reference person, as a protective treatment coverage is a set of information referring who is determined to be able to see the predetermined information Compare the two ranges of coverage area and said protective treatment coverage, a corresponding relationship information between the range where the information referencer information reference person belongs, and information reference who belong to only disclosure range, disclosable A process of creating correspondence information representing information referers belonging to the scope and the protective treatment effective range, and an information reference person belonging to only the protective treatment effective range , and a process of displaying the correspondence information. Features.

In addition, the information management program according to the present invention provides the information related to each information referrer who wants to refer to the information , the information referrer identification information including the ID or name of the information referrer, and the position of the information referrer in the organization And information referer attribute storage means for storing attribute information of the information referrer including an authentication method that the information referer can handle when referring to the information, and the information is classified as confidential information by being included in the information Means for storing confidential information words, which are words to be used, for each type of confidential information, and information storage devices used by each information referer and information indicating application software used for each information referer a computer with a possible situation storage means, predetermined information that may be referenced in the information referring person on condition that it contains confidential information words With the predetermined information is determined to meet the criteria of being confidential information, the processing determines the type of sensitive information based on the type of sensitive information word, each information referencer for storing information see User attribute storage means Based on the data related to the above and the determination result of the processing, the information referer corresponding to the position in the organization that can refer to the type of the confidential information of the predetermined information that satisfies the standard of confidential information is identified. A process for determining the specified set of information referrers as a disclosureable range, which is a set of information referers who can refer to the predetermined information without any problem of confidentiality, and is applied to the predetermined information Based on the authentication method and the authentication method that can be dealt with by the information referer, the information referrer who identifies the information referer who can handle the authentication method applied to the predetermined information is identified. An information processing apparatus and the corresponding set, determining processing as a protective treatment coverage is a set of determined the information referencer and can refer to the predetermined information, the authentication method has been applied to the predetermined information A process of identifying information referers who use application software, and determining the identified set of information referers as a current disclosure range that is a set of information referers who can actually refer to the predetermined information ; Comparing the three ranges of the disclosure possible range, the protective treatment effective range, and the current disclosure range, it is correspondence information between the information referer and the range to which the information referer belongs, and belongs only to the disclosure possible range Information referrer, information referer who belongs to the disclosure range, and belongs to only one of the effective range of protection measures or the current disclosure range, disclosure range and protection Information referer who belongs to the effective scope of the treatment and the current disclosure range, information referer who does not belong to the disclosure possible range, and belongs to the protection treatment effective range and the current disclosure range, and does not belong to the disclosure possible range, and the protective treatment The present invention is characterized in that a process of creating correspondence information representing information referers belonging to only one of the effective range and the current disclosure range and a process of displaying the correspondence information are executed.

In addition, the information management program according to the present invention includes, as data related to each information referrer who wants to refer to the information , information referrer identification information including the ID or name of the information referrer and the position of the information referrer in the organization. Information reference attribute storage means for storing the attribute information of the information reference including information , and a confidential information word that is a word that the information corresponds to confidential information by being included in the information means for storing for each, for each information referring person, the computer having an information processing apparatus and a device such as a usability status storage means for storing information indicating the application software each information reference's use, the information referencer Satisfying the criterion that the predetermined information is confidential information on the condition that the predetermined information that may be referred to includes a confidential information word Thereby judged that the process determines the type of sensitive information based on the type of sensitive information word, the data for each information referencer for storing information see user attribute storage means, based on a determination result of said processing, The information reference person who corresponds to the position in the organization that can refer to the type of confidential information of the predetermined information that satisfies the criteria of being confidential information is specified, and the set of the specified information reference users Using information processing apparatus and application software corresponding to an authentication method applied to predetermined information, a process for determining a disclosureable range that is a set of information referers who can refer to information without problems of confidentiality The present disclosure range which is a set of information referers who can identify information referers and can actually refer to the specified set of information referers. Process for determining and, by comparing the two ranges of at least the disclosed range and the current disclosure range, a corresponding relationship information between the range where the information referencer information reference person belongs, only the disclosure range A process of creating correspondence information representing the information referer belonging, the information referrer belonging to the disclosure possible range and the current disclosure range, and the information referer belonging to only the current disclosure range , and the correspondence information are displayed A process is executed.

In addition, the information management program according to the present invention provides the information related to each information referrer who wants to refer to the information , the information referrer identification information including the ID or name of the information referrer, and the position of the information referer in the organization Information referer attribute storage means for storing the attribute information of the information referrer including a keyword related to the information referrer, and a word that corresponds to the confidential information by being included in the information A means for storing a confidential information word for each type of confidential information, a useful information word that is a word indicating that the information can correspond to useful information by being included in the information, and each information reference person a, co each information reference person and a processing device and a device such as a usability status storage means for storing information indicating the application software to use A computer, a predetermined information that may be referenced in the information referring person on condition that it contains confidential information word, together with the predetermined information is determined to meet the criteria of being confidential information, The type of confidential information is determined based on the type of confidential information word, and the condition that the predetermined information includes a useful information word is satisfied on condition that the predetermined information includes a useful information word. Based on the data related to each information referer stored in the information referrer attribute storage means and the determination result of the process, the confidential information of the predetermined information satisfying the criterion of confidential information It is possible to identify an information referer who corresponds to the position within the organization that can refer to the type, and to refer to the set of the identified information referer without any problem of confidentiality. A useful information word included in predetermined information that satisfies a criterion that a useful information word is included among keywords related to the information reference; Counting the number of matching or similar keywords, identifying information referrers whose count result is equal to or greater than a predetermined threshold, and referencing the specified information to the identified set of information referrers discloses recommended range and determining process is a set of information referring who shall recommended to identify the information reference who uses the information processing apparatus and the application software corresponding to the authentication method that is applied to predetermined information, identified A process of determining the set of information referrers as a current disclosure range that is a set of information referrers that can actually refer to the predetermined information ; at least Is a correspondence relationship information between the information reference person and the range to which the information reference belongs , by comparing the three ranges of the disclosure possible range, the disclosure recommendation range, and the current disclosure range . The disclosure possible range and the disclosure recommendation Information referer belonging to the scope and the present disclosure scope, information referer belonging only to the disclosure possible scope, information referer belonging to only the disclosure recommended scope, information referer belonging only to the current disclosure scope, Information referer who belongs to the current disclosure range and does not belong to the recommended disclosure range, information referer who belongs to the recommended disclosure range and the present disclosure range and does not belong to the disclosure possible range, and the present disclosure that belongs to the disclosure possible range and the recommended disclosure range The present invention is characterized in that a process of creating correspondence information representing information referers that do not belong to a range and a process of displaying the correspondence information are executed.

In addition, the information management program according to the present invention corresponds to the identification information of the information referrer including the ID or name of the information referrer and the information referer at the time of referring to the information as data regarding each information referrer who wants to refer to the information. Information referer attribute storage means for storing possible authentication methods and attribute information of the information referrer including keywords related to the information referrer, and the information can correspond to useful information by being included in the information A computer having means for storing a useful information word that is a word indicating that the predetermined information that may be referred to by an information reference includes the useful information word. process of determining the information meets the criteria that they contain useful information word, the data for each information referencer for storing information see user attribute storage means, said Based on the sense of the determination result, among the keywords associated with the information reference person, keyword matching or similar to useful information word included in the predetermined information that meet the criteria that they contain useful information words An information reference that counts the number, specifies an information referrer whose count result is equal to or greater than a predetermined threshold, and recommends referring to the predetermined information for the specified set of information referrers Authentication method applied to the predetermined information on the basis of a process for determining the disclosure recommended range that is a set of persons, an authentication method applied to the predetermined information, and an authentication method that can be handled by an information reference person And a set of the specified information referrers is defined as a protection measure effective range that is a set of information referrers determined to be able to refer to the predetermined information. Process of determining, by comparing the two ranges of at least the disclosure recommended range and the protective treatment coverage, a corresponding relationship information between the range where the information referencer information reference person belongs, belongs only to disclose the recommended range A process of creating correspondence information representing information reference persons, information reference persons belonging to the disclosure recommendation range and the protective action effective range, and information reference persons belonging only to the protective action effective range; and displaying the correspondence information A process is executed.

In addition, the information management program according to the present invention supports the identification information of the information referrer including the ID or name of the information referrer as data related to each information referrer who wants to refer to the information, and the information referer corresponds to the information referer when referring to the information. Information referer attribute storage means for storing possible authentication methods and attribute information of the information referrer including keywords related to the information referrer, and the information can correspond to useful information by being included in the information A useful information word that is a word indicating that, and an information storage device used by each information referrer and a usable status storage unit such as a device that stores information indicating application software for each information referrer. the computer, on condition that the predetermined information that may be referenced in the information referencer contains useful information word, the predetermined information Useful information words determining process and meets the criteria that they contain, and data for each information referencer for storing information see user attribute storage means, based on the determination result of the processing, related to the information referencer The number of keywords that match or are similar to the useful information words included in the predetermined information satisfying the criterion that the useful information words are included is counted, and the count result is a predetermined threshold. identify the information reference who a value above process of determining the set of identified the information reference person, the disclosed preferred range is a set of information referring who shall recommended to refer to the predetermined information, a predetermined Based on the authentication method applied to the information and the authentication method that can be handled by the information reference person, the information reference that can correspond to the authentication method applied to the predetermined information Identify a set of identified the information viewers, determines the processing is applied to predetermined information as a protective treatment coverage is a set of the predetermined information can be referred to the information reference person is determined A set of information referrers that can identify an information referrer who uses the information processing apparatus and application software corresponding to the authentication method and can actually refer to the specified set of the information referrer. The correspondence relationship between the information referer and the range to which the information referer belongs by comparing at least the three ranges of the process for determining as the present disclosure range , at least the recommended disclosure range, the effective protective action range, and the present disclosure range. Information that belongs only to the recommended disclosure range, only to the recommended disclosure range, and only to one of the effective protection range and the current disclosure range An information referer belonging to, an information referrer belonging to the recommended disclosure range, the protective action effective range, and the current disclosure range; an information referer that does not belong to the recommended disclosure range and belongs to the protective action effective range and the current disclosure range; Executes processing for creating correspondence information that represents information referers that do not belong to the recommended disclosure range and belong to only one of the effective disclosure scope and the current disclosure range , and processing for displaying the correspondence information It is characterized by making it.

In addition, the information management program according to the present invention includes identification information of an information referrer including the ID or name of the information referrer and a keyword related to the information referer as data relating to each information referrer who wants to refer to the information. Information referer attribute storage means for storing attribute information of the information reference person, means for storing a useful information word which is a word indicating that the information can correspond to useful information by being included in the information, for each information referring person, a computer that the information reference person and a processing device and a device such as a usability status storage means for storing information indicating the application software used, there is a possibility of being referred to the information referencer Satisfy the criterion that the predetermined information includes a useful information word on the condition that the predetermined information includes a useful information word Determining processing, and the data for each information referencer for storing information see user attribute storage means, based on the determination result of the processing, among the keywords associated with the information reference person, the reference that contains useful information words Count the number of keywords that match or are similar to useful information words included in the predetermined information that satisfies the criteria, and identify and identify information referees whose counting results are equal to or greater than a predetermined threshold. Processing for determining the set of information referrers as a recommended disclosure range that is a set of information referrals that should be recommended to refer to the predetermined information, and information processing corresponding to an authentication method applied to the predetermined information It is possible to identify information referees who use the device and application software, and to actually refer to the specified information in the specified set of information referrers. Process of determining the current disclosure range is a set of information referring's at least the disclosure recommended range and the comparing the two ranges of the current disclosure range, correspondence information between the range in which the information referencer information reference person belongs A process of creating correspondence information representing information referers belonging only to the recommended disclosure range, information referers belonging to the recommended disclosure range and the current disclosure range, and information referers belonging to only the current disclosure range. And a process of displaying the correspondence information .

In addition, the information management program according to the present invention provides the information related to each information referrer who wants to refer to the information , the information referrer identification information including the ID or name of the information referrer, and the position of the information referrer in the organization Information referer attribute storage means for storing the attribute information of the information referrer including a keyword related to the information referrer, and a word that corresponds to the confidential information by being included in the information A computer having a secret information word for each type of confidential information and a means for storing a useful information word, which is a word indicating that the information can correspond to useful information by being included in the information , for each information stored in a predetermined storage area, on condition that the information contains confidential information word, have the said information is confidential The information includes a useful information word on the condition that the information includes a useful information word, and determines that the type of confidential information is determined based on the type of the confidential information word. Based on the process for determining that the above-mentioned criteria are satisfied, the data related to each information referer stored in the information referrer attribute storage means, and the determination result of the process, the predetermined information referer's organization The information corresponding to the type of confidential information that can be referred to by the information reference person corresponding to the positioning is identified, and the specified information reference The information is determined to be a referenceable range that is a set of information that can be referred to without problems, and each piece of information that satisfies the criterion of including a useful information word is related to the predetermined information reference person. Among the keywords, the number of keywords that match or are similar to the useful information word included in the information is counted, the information whose count result is equal to or greater than a predetermined threshold is specified, and the set of the specified information a process of determining a reference recommended range is a set of information that is determined to be useful for the predetermined information referencer compares two ranges of at least the reference range and the reference recommended range, information and Corresponding relationship information with the range to which the information belongs, corresponding information indicating information belonging to only the referable range, information belonging to the referable range and the recommended reference range, and information belonging to only the recommended reference range And a process for displaying the correspondence information .

In addition, the information management program according to the present invention provides the information related to each information referrer who wants to refer to the information , the information referrer identification information including the ID or name of the information referrer, and the position of the information referer in the organization Information referer attribute storage means for storing the attribute information of the information referrer including a keyword related to the information referrer, and a word that corresponds to the confidential information by being included in the information A means for storing a confidential information word for each type of confidential information, a useful information word that is a word indicating that the information can correspond to useful information by being included in the information, and each information reference person a, co each information reference person and a processing device and a device such as a usability status storage means for storing information indicating the application software to use The computer, be stored in a predetermined storage area, for each information attribute information indicating an authentication method that is applied is added, on condition that the information contains confidential information words, said information confidential The information is determined to satisfy the criteria of being information, the type of the confidential information is determined based on the type of the confidential information word, and the information includes the useful information word on the condition that the information includes the useful information word. the comprise that determines processing that meets the criteria of, the data for each information referencer for storing information see user attribute storage means, based on the determination result of the processing, predetermined information reference predetermined The information in the organization of the person is referred, the information corresponding to the kind of confidential information that can be referred to by the information reference person corresponding to the position is specified, and the set of the specified information For each piece of information that satisfies the criteria of including a useful information word, it is determined that it is a referenceable range that is a set of information that can be referred to by a predetermined information reference person without any problem of confidentiality. Count the number of keywords that match or are similar to the useful information word included in the information among the keywords related to the information referrer, identify the information whose count result is equal to or greater than a predetermined threshold, Processing for determining the specified set of information as a recommended reference range that is a set of information determined to be useful for the predetermined information referer, an information processing apparatus and application software used by the predetermined information referer It is possible to identify information to which an authentication method supported by is applied, and the predetermined information referer can actually refer to the specified set of information. A process for determining a current referenceable range that is a set of information that can be processed , and comparing at least three ranges of the referenceable range, the recommended reference range, and the current referenceable range, and corresponding information to the range to which the information belongs Information related to the referenceable range, the recommended reference range, and the current referenceable range, information that belongs only to the referenceable range, information that belongs only to the recommended reference range, and information that belongs only to the current referenceable range Information that belongs to the referenceable range and the current referenceable range and does not belong to the recommended reference range, information that belongs to the recommended reference range and the current referenceable range and does not belong to the referenceable range, referenceable range and recommended reference range, A process of creating correspondence information representing information belonging to and not belonging to the current referenceable range , and a process of displaying the correspondence information .

In addition, the information management program according to the present invention includes, as data related to each information referrer who wants to refer to the information , information referrer identification information including the ID or name of the information referrer and the position of the information referrer in the organization. see method adaptable authentication information reference user when information, and the information referring user attribute storage means for storing the attribute information of the information referencer including keywords related to the information the reference person, it is included in the information A word indicating that the information can be classified as useful information by storing the classified information word for each type of confidential information as well as storing the confidential information word, which is the word that the information is classified as confidential information. Means for storing useful information words and information indicating information processing devices and application software used by each information referer for each information referer A computer with a device such as a store enable status storage means, have been stored in a predetermined storage area, for each information attribute information indicating an authentication method that is applied is added, information sensitive information word On the condition that the information satisfies the criteria that the information is confidential information, the type of confidential information is determined based on the type of confidential information word, and the information includes a useful information word. A process for determining that the information includes a useful information word on the condition that the information is included, data on each information referer stored by the information referer attribute storage means, and a determination result of the process based on the bets, with reference to the positioning in the tissue of predetermined information referencer predetermined, the appropriate information reference person can reference types of sensitive information to the positioning The corresponding information is specified, and the specified set of information is determined as a referenceable range that is a set of information that can be referred to by the predetermined information reference person without a problem of confidentiality, and includes a useful information word. For each piece of information that satisfies the criteria of being in the list, the number of keywords that match or are similar to the useful information word included in the information among the keywords related to the predetermined information referer is counted, A process of identifying information that is equal to or greater than a predetermined threshold, and determining the specified set of information as a recommended reference range that is a set of information that is determined to be useful for the predetermined information reference person ; A set of the specified information by identifying information to which an authentication method supported by an information processing apparatus and application software used by the predetermined information referer is applied Is referred to as a currently referable range that is a set of information that can be actually referred to by the predetermined information referer, an authentication method that can be handled by the predetermined information referer, and the authentication method is A process of identifying applied information and determining the identified set of information as a protective treatment effective range that is a set of information to which an authentication method to which the predetermined information referer can be applied ; It is correspondence information of information and the range to which the information belongs by comparing at least four ranges of the referenceable range, the recommended reference range, the current referenceable range, and the protective treatment effective range. Information that belongs only to the reference recommended range, information that belongs to the referenceable range and the recommended reference range, does not belong to the current referenceable range and the protective action effective range, and can be referred to and the recommended reference range. Information belonging to the current referenceable range and the protective action effective range, information belonging to the referenceable range and the recommended reference range, and belonging to only one of the current referenceable range and the protective action effective range, and the referenceable range Information that belongs to the current referenceable range and the protective action effective range, belongs to the referenceable range, does not belong to the recommended reference range, and is in the current referenceable range and the protective action effective range. Information that belongs to the recommended reference range, does not belong to the referenceable range, belongs to the current referenceable range and the protective action effective range, belongs to the referenceable range, does not belong to the recommended reference range, and is the current referenceable range And information belonging only to one of the effective range of protection measures, information belonging to the recommended reference range and not belonging to the referenceable range, and belonging to only one of the current referenceable range and the protective treatment effective range, Not belong to the reference recommended range and irradiation range, and the process of creating the correspondence relationship information indicating each one only belong information and the protective treatment scope as current reference range, and the correspondence relationship information The display processing is executed.

In addition, the information management program according to the present invention supports the identification information of the information referrer including the ID or name of the information referrer as data related to each information referrer who wants to refer to the information, and the information referer corresponds to the information reference Information referrer attribute storage means for storing attribute information of an information referrer including possible authentication methods, and an apparatus for storing information indicating an information processing device and application software used by each information referer for each information referer A predetermined information reference is made in advance from each piece of information that is stored in a predetermined storage area and has attribute information indicating the applied authentication method added to a computer equipped with an equal availability status storage means . The information to which the authentication method supported by the information processing apparatus and application software used by the person is applied is specified, and the specified information A process for determining a set as a current referable range that is a set of information that can be actually referred to by the predetermined information referer, an authentication method that can be handled by the predetermined information referer, and the authentication method That identifies the information to which the authentication information is applied, and determines the identified set of information as a protection action effective range that is a set of information to which the authentication method to which the predetermined information referrer is applicable is applied. , Comparing at least two ranges of the protective treatment effective range and the current referenceable range, and corresponding information of information and the range to which the information belongs, and belongs to the current referenceable range and the protective treatment effective range information, to execute processing for creating a correspondence relationship information indicating each one only belong information and the protective treatment scope as current reference range, and the process of displaying the correspondence relationship information And wherein the door.

In addition, the information management program according to the present invention provides the information related to each information referrer who wants to refer to the information , the information referrer identification information including the ID or name of the information referrer, and the position of the information referrer in the organization Information reference attribute storage means for storing the attribute information of the information reference including the information reference, and the confidential information word that is the word that the information corresponds to the confidential information by being included in the information A predetermined storage area in a computer having means for storing each information, and an information processing device used by each information referrer and a device such as a device for storing information indicating application software for each information referer. be stored in, for each information attribute information indicating an authentication method that is applied is added, that the information contains confidential information words The condition, together with the information is determined to meet the criteria of being confidential information, the processing determines the type of sensitive information based on the type of sensitive information words, each reference information stored in the information reference user attribute storage means Type of confidential information that can be referred to by the information referrer corresponding to the positioning by referring to the position of the predetermined information referer in the organization based on the data related to the person and the determination result of the processing A process of determining the information corresponding to the above, and determining the specified set of information as a referenceable range that is a set of information that can be referred to by the predetermined information reference person without any problem of confidentiality , Information to which an authentication method supported by an information processing apparatus and application software used by an information referer is specified, and the specified set of information Current reference range and determining processing, by comparing the two ranges of at least the reference range and said current reference range, information and the information of the information reference person is a collection of information that can be actually referenced Information corresponding to the range to which the reference belongs, corresponding information indicating only information that belongs to the referenceable range, information that belongs to the referenceable range and the current referenceable range, and information that belongs only to the current referenceable range And a process of displaying the correspondence information is executed.

In addition, the information management program according to the present invention includes, as data related to each information referrer who wants to refer to the information , information referrer identification information including the ID or name of the information referrer and the position of the information referrer in the organization. , And information referer attribute storage means for storing attribute information of the information referer including an authentication method that can be handled by the information referer when referring to the information, and the information corresponds to confidential information by being included in the information Means for storing confidential information words that are words to be classified for each type of confidential information, and information storage devices used by each information referrer and devices for storing information indicating application software for each information referer a computer with a possible situation storage means, have been stored in a predetermined storage area, attribute information indicating an authentication method that is applied is added For information, on condition that the information contains confidential information word, together with the information is determined to meet the criteria of being confidential information, determines the type of sensitive information based on the type of sensitive information words Based on the data related to each information referer stored in the process, information referrer attribute storage means, and the determination result of the process , the positioning in the organization of a predetermined information referrer determined in advance is referred to Of information that can be referred to by a type of confidential information that can be referred to by an information referrer, and the specified set of information can be referred to by the predetermined information referer without any problem of confidentiality. process of determining a reference range is set, the authentication method information processing apparatus and the application software the predetermined information reference's use is compatible is applied Identifying information are a set of the identified said information, determining processing the current reference range, which is a collection of information that can be the predetermined information reference person actually refer to, the predetermined information reference's corresponding Refers to a possible authentication method, specifies information to which the authentication method is applied, and sets the specified set of information to the information to which the authentication method to which the predetermined information referer can handle is applied. process of determining a protective treatment coverage is set, at least the reference range, correspondence information between the compare three ranges of current reference range and said protective treatment effective range information and the information belongs range Information that belongs only to the referenceable range, information that belongs to the referenceable range, and that belongs only to one of the current referenceable range and the effective range of protection measures, the referenceable range, and the current referenceable range And information that belongs to the scope of protection measures, information that does not belong to the referenceable range, information that belongs to the current referenceable range and protection treatment effective range, and that does not belong to the referenceable range, and that can be referred to currently It is characterized in that processing for creating correspondence information each representing information belonging to only one of the effective ranges and processing for displaying the correspondence information are executed.

In addition, the information management program according to the present invention provides the information related to each information referrer who wants to refer to the information , the information referrer identification information including the ID or name of the information referrer, and the position of the information referrer in the organization And information referer attribute storage means for storing attribute information of the information referrer including an authentication method that the information referer can handle when referring to the information, and the information is classified as confidential information by being included in the information Attribute information indicating the authentication method applied and stored in a predetermined storage area is added to a computer having means for storing a confidential information word, which is a word to be stored, for each type of confidential information. for each information is, on condition that the information contains confidential information word, together with the information is determined to meet the criteria of being confidential information, confidential Process determines the type of sensitive information based on the type of broadcast words, the data for each information referencer for storing information see user attribute storage means, based on the determination result of the processing, predetermined information is predetermined Refers to the position of the referrer in the organization, identifies information corresponding to the type of confidential information that can be referred to by the information referrer corresponding to the position, and identifies the set of identified information as the predetermined information referrer. Is determined to be a referenceable range that is a set of information that can be referred to without any problem of confidentiality, and refers to an authentication method that can be handled by the predetermined information referer, and information to which the authentication method is applied identify a set of identified the information, determines processing set a protecting treatment scope of information that the authentication method prescribed information reference person is can cope is applied, at least the Compare the two ranges of irradiation range and the protective treatment coverage, a corresponding relationship information between the range information and the information belongs, and information belonging only to the reference range, the reference range and the protective treatment effective It is characterized in that a process of creating correspondence information representing information belonging to a range and information belonging only to a protection treatment effective range and a process of displaying the correspondence information are executed.

In addition, the information management program according to the present invention provides the information related to each information referrer who wants to refer to the information , the information referrer identification information including the ID or name of the information referrer, and the position of the information referrer in the organization see method adaptable authentication information reference user when information, and the information referring user attribute storage means for storing the attribute information of the information referencer including keywords related to the information the reference person, it is included in the information A word indicating that the information can be classified as useful information by storing the classified information word for each type of confidential information as well as storing the confidential information word, which is the word that the information is classified as confidential information. a computer and means for storing the useful information words is, be stored in a predetermined storage area, with attribute information indicating an authentication method that is applied For each information being, on condition that the information contains confidential information words, said information as to determined that meets the criteria of being confidential information, confidential information based on the type of sensitive information words Each type stored in the information referrer attribute storage means that determines the type and determines that the information includes a useful information word on condition that the information includes a useful information word. Based on the data related to the information referrer and the determination result of the process , the position of the predetermined information referrer in the organization is referred to, and the information referrer corresponding to the position is referred to Information corresponding to confidential information can be specified, and the specified set of information can be referred to as a set of information that can be referred to by the predetermined information reference person without any problem of confidentiality. A keyword that matches or is similar to the useful information word included in the information among the keywords related to the predetermined information referer for each piece of information that satisfies the criteria that the information is determined to be a range and includes the useful information word The number of the information is counted, the information whose count result is equal to or greater than a predetermined threshold is specified, and the specified set of information is determined to be useful for the predetermined information reference The process of determining the reference recommended range, the authentication method that can be handled by the predetermined information referer, the information to which the authentication method is applied is specified, and the specified set of information is A process for determining a protection action effective range that is a set of information to which an authentication method that can be handled by an information referer is applied , at least the referable range, the recommended reference range, and the protection range. Comparing the three ranges of the protective treatment effective range, the correspondence information between the information and the range to which the information belongs, the information belonging to the referenceable range, the recommended reference range, and the protective treatment effective range, and the referenceable range Information that belongs only to the reference recommended range, information that belongs only to the protective action effective range, information that belongs to the referable range and the protective action effective range and does not belong to the recommended reference range, and the recommended reference range and protection Processing for creating correspondence information representing information that belongs to the treatment effective range and does not belong to the referenceable range, and information that belongs to the referenceable range and the reference recommended range and does not belong to the protection treatment effective range , and the correspondence relation information It is characterized in that a process of displaying is executed.

In addition, the information management program according to the present invention includes identification information of an information referrer including the ID or name of the information referrer and a keyword related to the information referer as data relating to each information referrer who wants to refer to the information. Information referer attribute storage means for storing attribute information of the information reference person, means for storing a useful information word which is a word indicating that the information can correspond to useful information by being included in the information, For each information referer, the information processing device used by each information referrer and a computer equipped with a usable status storage means such as a device for storing information indicating application software are stored in a predetermined storage area and applied. are for each information attribute information indicating an authentication method that is added on condition that the information contains useful information words, said information Determining processing satisfies the criteria that they contain useful information word, the data for each information referencer for storing information see user attribute storage means, based on the determination result of the processing, the useful information words For each piece of information that meets the criteria for inclusion, the number of keywords that match or are similar to the useful information word included in the information among the keywords related to the predetermined predetermined information reference person is counted, The information whose count result is equal to or greater than a predetermined threshold is specified, and the specified set of information is a recommended reference range that is a set of information determined to be useful for the predetermined information referer. determining processing, the information processing apparatus and the application software the predetermined information reference's use authentication method corresponds is applied JP And, a set of the identified said information, determining processing the current reference range, which is a set of predetermined information reference person can actually refer to information, at least the reference recommended range and said current reference range Comparison information between two ranges and the information and the range to which the information belongs, information that belongs only to the recommended reference range, information that belongs to the recommended reference range and the current referenceable range, and the current reference is possible It is characterized in that processing for creating correspondence information each representing information belonging only to a range and processing for displaying the correspondence information are executed.

In addition, the information management program according to the present invention supports the identification information of the information referrer including the ID or name of the information referrer as data related to each information referrer who wants to refer to the information, and the information referer corresponds to the information reference Information referer attribute storage means for storing possible authentication methods and attribute information of the information referrer including keywords related to the information referrer, and the information can correspond to useful information by being included in the information A useful information word that is a word indicating that, and an information storage device used by each information referrer and a usable status storage unit such as a device that stores information indicating application software for each information referrer. the computer, be stored in a predetermined storage area, for each information attribute information indicating an authentication method that is applied is added, On condition that the broadcast contains useful information words, said information is a process of determining satisfy the criteria that they contain useful information word, the data relating to each information referencer for storing information see User attribute storage means And, based on the determination result of the process, for each piece of information that satisfies the criterion of including a useful information word, it is included in the information among the keywords related to a predetermined predetermined information referrer. Counts the number of keywords that match or are similar to useful information words, identifies information whose counting result is equal to or greater than a predetermined threshold, and sets the identified set of information to the predetermined information reference person is a collection of information determined to be useful reference recommended range and determining processing, the information processing apparatus and the application software the predetermined information reference's use The current referenceable range, which is a set of information that identifies the information to which the authentication method supported by the service is applied, and that the specified information reference can actually refer to the specified set of information A process for determining , referring to an authentication method that can be handled by the predetermined information reference person, identifying information to which the authentication method is applied, and the predetermined information reference person corresponding to the specified set of information possible and authentication methods is a set of information that has been applied protective measures scope as determining process, as compared least the reference recommended range, the three ranges of the current reference range and said protection process scope Information corresponding to the range to which the information belongs, information belonging only to the recommended reference range, belonging to the recommended reference range, and belonging to only one of the current referenceable range and the protective action effective range Information that belongs to the recommended reference range, the current referenceable range, and the protective action effective range, the information that does not belong to the recommended reference range, and that belongs to the current referenceable range and the protective action effective range, and the recommended reference range. A process of creating correspondence information that respectively represents information that does not belong and that belongs to only one of the current referable range and the protective treatment effective range , and a process of displaying the correspondence information is executed. To do.

In addition, the information management program according to the present invention supports the identification information of the information referrer including the ID or name of the information referrer as data related to each information referrer who wants to refer to the information, and the information referer corresponds to the information reference Information referer attribute storage means for storing possible authentication methods and attribute information of the information referrer including keywords related to the information referrer, and the information can correspond to useful information by being included in the information Information relating to each piece of information that is stored in a predetermined storage area and has attribute information indicating an applied authentication method added to a computer having means for storing a useful information word that is a word representing on condition that contains useful information word, it determines the process as the information meets the criteria that they contain useful information word, the information referrer genus And data for each information reference person storage means for storing, based on the determination result of said processing, each information that meet the criteria that they contain useful information word, predetermined information referencer predetermined for Among the related keywords, the number of keywords that match or are similar to the useful information word included in the information is counted, the information whose count result is equal to or greater than a predetermined threshold value is identified, and the identified information , A process for determining a reference recommended range that is a set of information that is determined to be useful for the predetermined information reference, an authentication method that can be handled by the predetermined information reference, and the authentication method A protection measure that identifies information to which the authentication method is applied, and is a set of information to which an authentication method to which the predetermined information referrer is applicable is applied to the specified set of information Process of determining the effective range, by comparing the two ranges of at least the reference recommended range and the protective treatment coverage, a corresponding relationship information between the range information and the information belongs, information belonging only to see the recommended range And creating correspondence information representing information belonging to the recommended reference range and the protective treatment effective range, and information belonging to only the protective treatment effective range , and processing for displaying the correspondence information. Features.

  According to the present invention, two or three of the four viewpoints of confidentiality of information, usefulness, whether the information reference corresponds to the protection measure, and whether the information reference can actually refer to the information. Or, based on four viewpoints, it is possible to easily confirm what set each information referer belongs to. Therefore, it is possible to easily confirm to which information reference the information is disclosed. Further, when each information reference person does not belong to an appropriate set, it can be easily found.

  Also, two or three of the four viewpoints of information confidentiality, usefulness, what information can be referred to by the information referer, and what information protection measures the information referer corresponds to, or Based on the four viewpoints, it is possible to easily confirm what set each information belongs to. Therefore, it is possible to easily confirm what information can be referred to by a specific information referer. Also, if each piece of information does not belong to an appropriate set, it can be easily discovered.

  Further, according to the present invention, it is possible to prevent a use opportunity of useful information from being lost.

  The best mode for carrying out the present invention will be described below with reference to the drawings. In general, “reference” means confirming the presence of information or reading the content of information. In the following description, “referring” means checking the presence of information, reading the contents of information, changing the contents of information, creating a copy of information, and printing out the contents of information. It means that it corresponds to at least any one of.

Embodiment 1 FIG.
The information management system shown as the first embodiment determines a range in which information should be disclosed based on the confidentiality and usefulness of newly input or created information. An electronic document (hereinafter simply referred to as a document), data, or a set of documents and data is input to the information management system as information or newly created. In the first embodiment, the “range” represents a range of information referers, that is, a set of information referers.

  Moreover, in the following description, an information referring person is a person who intends to refer to information. The information referring person may be an individual, or may be a plurality of persons belonging to a specific group (for example, one department of a company). An information referer may not be able to refer to all individual information, and even an information referer may not be able to refer to information. Those who cannot refer to certain information are also included in the information referring person.

  FIG. 1 is a functional configuration diagram illustrating an example of a functional configuration of the information management system according to the first embodiment. In FIG. 1, an information resource 1 is information input to the information management system or newly created information. Incidentally, not shown in FIG. 1, and the information input means for inputting information such as a document, an illustration of the information generation means for generating information such as a document. Further, a plurality of information (e.g., a plurality of documents and data) is applied at or created, the information management system, for each information, the same processing is performed. In the following description, one piece of information (i.e., a single document or a single data) will be described when it is entered. In addition, the information newly input into the information management system or the newly created information corresponds to “predetermined information that may be referred to by an information referer” described in the claims.

  When information is input to the information management system (or when information is newly created), it is determined in advance what type of protection measures will be applied to the information. This protection measure may be determined according to the type of confidential information described later when it is determined. Further, when information is input (or when information is created), an operator (system administrator) may designate a protective measure to be applied to the information. Moreover, the predetermined protective treatment is not limited to one type. For example, a plurality of protection measures such as “encryption, authentication by a personal certificate issued from a directory server, and fingerprint authentication” may be defined in advance as protection measures to be applied to input information. Hereinafter, the personal certificate issued from the directory server is simply referred to as a personal certificate.

  In addition, the degree of safety when protecting information from unauthorized access from a third party varies depending on the type of protection measure. A numerical value indicating the degree of safety is determined for each protection measure. Furthermore, each protection measure is ranked in descending order of safety. There are cases where a plurality of types of protection measures are defined as protection measures to be applied to input information. Therefore, combinations of a plurality of protection measures are also ranked in descending order of safety. For example, the combination of “encryption, authentication by personal certificate, and fingerprint authentication” has a higher ranking than the combination of “encryption, authentication by personal certificate, and authentication by password”. It has been.

  The feature analysis unit 100 collects information (information resource 1) input to the information management system based on the confidentiality of the information. .). An information referrer who is not included in the disclosure range of information is a person who should not refer to the information (that is, a person who should not be able to refer to the information). In addition, the feature analysis unit 100 sets a set of information referents (hereinafter referred to as recommended disclosure ranges) that should refer to the information (information resource 1) input to the information management system based on the usefulness of the information. Is determined).

  Conditions for the information input to the information management system to be established as confidential information are defined in advance. This condition is not limited to one, and there are a plurality of conditions. For example, if a piece of information satisfies the condition “includes the word“ business plan ”, the information is determined to be classified information classified as a trade secret. Further, if certain information satisfies the condition of “including name and address”, the information is determined to correspond to confidential information classified as personal information. As described above, a plurality of conditions for establishing the confidential information are defined. The condition for establishing the confidential information is expressed in the form of “including some word” as in the above example. The words constituting this condition are referred to as confidential information words. In the above example, “business plan”, “person name”, and “address” are confidential information words. The condition for establishing the confidential information may be expressed in the form of “information structure corresponds to a specific format”.

  Moreover, conditions for the information input to the information management system to be established as useful information are also defined in advance. This condition is not limited to one, and there are a plurality of conditions. For example, if certain information satisfies the condition “includes the word FAQ”, the information is determined to correspond to useful information classified as know-how. Further, if certain information satisfies the condition “includes the words“ standard ”and“ specification ”, the information is determined to correspond to useful information classified as a standard. In this way, a plurality of conditions for establishing useful information are also defined. Further, the condition for establishing the useful information is expressed in the form of “including some word” as in the above example. The words constituting this condition will be described as useful information words. In the above example, “FAQ”, “standard”, and “specification” are useful information words. The condition for establishing useful information may be expressed in the form of “information structure corresponds to a specific format”.

  The feature analysis unit 100 includes a content determination unit 111 and a range determination unit 112. The content determination unit 111 determines whether the input information satisfies a predetermined criterion. As this determination process, the content determination unit 111 determines whether or not the input information satisfies the criterion “corresponds to any kind of confidential information”. Then, the content determination unit 111 informs the range determination unit 112 as to what type of confidential information the input information corresponds to (or does not correspond to any type of confidential information) as a determination result of the determination process. Output. Furthermore, the content determination unit 111 determines whether or not the input information satisfies the criterion “include any useful information word”. Then, the content determination unit 111 outputs to the range determination unit 112 which useful information word the input information includes (or does not include any useful information word) as a determination result of the determination process. To do. However, the determination processing described here is an example of a mode of determination processing by the content determination unit 111. The content determination unit 111 may perform other determination processing regarding the content of the input information. The range determination unit 112 determines the disclosure possible range and the recommended disclosure range based on the determination result of the content determination unit 111.

  An example of the functional configuration of the feature analysis unit 100 will be described more specifically. The content determination unit 111 includes a condition extraction unit 2, a confidentiality determination unit 3, and a usefulness determination unit 4. The range determination unit 112 includes a disclosure possible range determination unit 5 and a disclosure recommended range determination unit 6.

  The condition extraction means 2 extracts a word group that can be at least a confidential information word and a useful information word from information input to the information management system. In the present embodiment, it is assumed that the confidential information word and the useful information word are nouns (which may be nouns with a modifier). And the condition extraction means 2 deletes a noun, a verb, an auxiliary verb, an adverb, a conjunction, etc., and extracts a noun (a noun with a modifier is also included). However, in addition to nouns (including nouns with modifiers), other parts of speech may be used as confidential information words and useful information words. In that case, the condition extracting means 2 may extract the part of speech in addition to the noun.

  In addition, in order to cause the condition extraction means 2 to perform the operation of deleting nouns and extracting nouns (or nouns and other parts of speech), existing application software such as “tea bowl” is applied to the condition extraction means 2. May be.

  Further, as already described, the condition for establishing the confidential information may be expressed in the form of “information structure corresponds to a specific format”. In this case, the condition extraction unit 2 does not analyze only the character string included in the information, but analyzes the structure of the information and derives a word corresponding to the structure analysis result. That is, if the condition extraction unit 2 determines that the structure of the information corresponds to a specific format by structural analysis of the information, the condition extraction unit 2 derives a word corresponding to the format. For example, a document input to the information management system may include a character string and a symbol marked as secret (so-called “secret” symbol) in the upper right corner of the first page. In this way, when a specific description is made at a specific location, it may be determined that a word such as “secret” is derived. In this case, the document does not include the character string “Mal secret” itself, but the word “Mal secret” is derived by structural analysis. As a similar example, when there is a description “[Caution for handling]” in a specific place such as the upper right of the document, the word “Caution for handling” may be derived. Note that “confidential” and “handling attention” are confidential information words. Further, recognition of symbols and the like included in the information may be performed by a known image recognition technique. Various symbols such as “secret” symbols may be collated by pattern matching of binary data or collation using a hash value.

  The condition extraction means 2 uses each word extracted from information input to the information management system (in this embodiment, a noun) or a word derived by structural analysis of information as confidentiality determination means 3 and usefulness. Output to determination means 4.

  The confidentiality determination means 3 determines whether or not the input information satisfies the criterion “corresponds to any kind of confidential information” as follows. The confidentiality determination means 3 first determines whether or not a confidential information word is included in the words extracted by the condition extraction means 2 (including words derived by information structure analysis). If the confidential information word is included, the information input to the information management system corresponds to the confidential information. However, the confidentiality determination means 3 further determines that the information is It is determined what kind of confidential information is applicable. If it is determined that the input information corresponds to any kind of confidential information, it is determined that the criterion is satisfied. If it is determined that the input information does not correspond to any kind of confidential information, it is determined that the criteria are not satisfied. The conditions for establishing the confidential information are stored in the condition definition database 101 shown in FIG.

  FIG. 2A is an explanatory diagram illustrating an example of conditions (conditions for establishing confidential information) stored in the condition definition database 101. As shown in FIG. 2A, the condition definition database 101 stores conditions for establishing various types of confidential information for each type of confidential information. “Or” shown in FIG. 2A is a logical expression indicating a logical sum, and “and” is a logical expression indicating a logical product. In FIG. 2, parentheses represented by “()” indicate the priority of the logical operation, and the formula described in the parentheses has a higher priority of the logical operation. In FIG. 2, parentheses represented by “[]” represent a word that is a superordinate concept including a specifically represented word. For example, in the example shown in FIG. 2A, the word “address” is represented by “[address]”. Each specific address is expressed as “W prefecture X-ku 1-chome 2-3-3”, “Y prefecture Z-machi 4-chome 5-6, etc.”, etc., and is expressed by different words. Since a word representing a general concept including these individual specific words is an address, this is represented by “[address]”. The same applies to departments, names of people, telephone numbers, etc.

  The confidentiality determination unit 3 determines what type of confidential information the information input to the information management system corresponds to or does not correspond to the confidential information in accordance with the conditions illustrated in FIG. For example, if the information contains any confidential information word of “secret”, “invention proposal”, or “design specification” and a confidential information word that belongs to the department, It is determined that the information falls under classified information. Further, for example, if the information contains any confidential information word of “handling attention”, “in-house report”, or “business plan”, it is determined that the information falls under classified information classified as a trade secret. If any combination of “person name and address”, “person name and phone number”, “person name and e-mail address”, and “person name and department” is included, it is classified as confidential information classified as personal information. Determined to be applicable. Also included is a combination of confidential information words “members and numbers”, a combination of confidential information words “customer and roster”, or confidential information words “contract”, “contract”, “purchasing history”. If so, it is determined that the classified information is classified as customer information. If neither condition is satisfied, the confidentiality determination unit 3 determines that the input information does not correspond to any type of confidential information (does not meet the criteria).

  Further, when the condition extracting means 2 extracts “affiliation department”, “person name”, “address”, etc., for example, “System Business Department First Development Department”, “Suzuki Hanako”, “W Prefecture X Ward 1 Chome” Extracted as a specific word such as “No. The confidentiality determination means 3 must recognize that these specific words are included in higher concepts such as “affiliation department”, “person name”, and “address”. This recognition process may be realized as follows. The condition definition database 101 stores, for each word representing a superordinate concept, information that defines the arrangement of words that are included in the concept. The confidentiality determination unit 3 recognizes that the word (word group) is a word included in the superordinate concept if the sequence of the words extracted by the condition extraction unit 2 matches this rule. FIG. 2B shows an example of a description that defines a sequence of words to be included in the superordinate concept (here, an address is used as an example). As shown in FIG. 2B, for the superordinate concept of “address”, “a word representing a region”, “a word of a city, road, prefecture, or prefecture”, “a word representing a region” , "City, ward, town, or village word", "number word", "chome", "number word", "number", "number word", "number" A word sequence is defined. If the matching word group of the words has been extracted by the condition extracting unit 2, the confidentiality determining unit 3 recognizes the word group as “address”. In FIG. 2B, the address is described as an example. However, the condition definition database 101 also includes words representing other high-level concepts such as “affiliation department”, “person name”, “phone number”, and “e-mail address”. , Information defining a sequence of words to be included in each superordinate concept is stored. Based on this rule, the confidentiality determination unit 3 determines which higher level concept the word extracted by the condition extraction unit 2 is included in. Note that recognition processing such as “a word representing a region” and “a word representing a number” may be executed by applying existing application software (for example, “tea bowl”).

  Note that the types, conditions, and word arrangement rules shown in FIG. 2 are examples, and the conditions for establishing the confidential information are not limited to those shown in FIG.

  If the confidentiality determination unit 3 determines whether or not the input information satisfies the criterion “corresponds to any kind of confidential information”, the determination result is sent to the disclosure possible range determination unit 5. Output. The confidentiality determination means 3 outputs, as a determination result, what type of confidential information the input information corresponds to (or does not correspond to any type of confidential information). Further, when the confidentiality determination unit 3 determines that it corresponds to the intra-department secret, the confidentiality determination unit 3 also outputs information indicating the division to the disclosure possible range determination unit 5.

  The usefulness determination means 4 determines whether or not the input information satisfies the criterion “includes any useful information word”. The usefulness determining means 4 extracts useful information words from the words extracted by the condition extracting means 2. If the useful information word is extracted, it is determined that the criterion is satisfied, and if the useful information word cannot be extracted, it is determined that the criterion is not satisfied. The condition definition database 101 stores conditions for establishing useful information in addition to conditions for establishing confidential information. As described above, the useful information word is a word that constitutes a condition for establishing useful information. Therefore, the usefulness determination means 4 should just extract a useful information word based on the conditions for establishing as useful information stored in the condition definition database 101. If the input information includes a useful information word, the information is established as useful information. If the input information does not include a useful information word, the information is not established as useful information.

  FIG. 3 is an explanatory diagram illustrating an example of conditions (conditions for establishing useful information) stored in the condition definition database 101. As shown in FIG. 3, the condition definition database 101 stores conditions for establishing various useful information for each type of useful information. The meanings of parentheses represented by “or”, “and”, and “()” shown in FIG. 3 are the same as those described in FIG. In FIG. 3, parentheses represented by “[]” represent a modifier that modifies a noun. For example, “Noun-Sabari Connection” shown in FIG. 3 represents a noun that can be connected to “do”, “can do”, “do it”, “do it down”, and the like. Examples of [noun-sa-variant connection] include “input”, “curing”, and the like. Therefore, as an example corresponding to the ([noun-sa modification connection] method) shown in FIG. 3, there are “input method”, “curing method”, and the like. Further, since [verb] shown in FIG. 3 is placed in front of a noun, it represents a verb that modifies the noun. Therefore, examples that correspond to the ([verb] method) shown in FIG. 3 include “input method”, “curing method”, and the like. The process of identifying [noun-sa-variant connection] or [verb] that modifies the noun may be executed by applying existing application software such as “tea bowl”, for example.

  In the example shown in FIG. 3, the information includes any useful information word of “FAQ”, “Frequently Asked Questions”, “Manual”, “Guide”, “How to”, and “How to”. If so, the information corresponds to useful information classified as know-how. Further, if the information includes any of “ISO”, “JIS”, “RFC”, a combination of “standard” and “standard”, and a combination of “standard” and “specification”, the information is a standard. Indicates useful information classified as. In addition, if the information contains any useful information word of “Proposal”, “Proposal”, or “Proposal”, it indicates that the information falls under useful information classified as idea information. Yes. In addition, if the information contains any useful information word of “Course”, “Exhibition”, “Public Relations”, or “Guidance”, the information must correspond to useful information classified as event information. Is shown. In FIG. 3, classification is shown for each type of useful information. However, a condition for establishing useful information may not be classified for each type of useful information. That is, if any of the conditions illustrated in FIG. 3 is satisfied, it indicates that the information corresponds to useful information, and the type of useful information may not be specified.

  Note that the types and conditions shown in FIG. 3 are merely examples, and the conditions for establishing the useful information are not limited to those shown in FIG.

  Further, even when a certain information satisfies a condition for being established as useful information, the information is not always useful for all information referees. The process of determining whether or not certain information is useful for each individual information referer is performed by the recommended disclosure range determination means 6 as described later. If the usefulness determination means 4 determines whether or not the input information satisfies the criterion “include any useful information word”, the determination result is sent to the recommended disclosure range determination means 6. Output. Specifically, if the useful information word is extracted from the words extracted by the condition extracting unit 2 and it is determined that the criterion is satisfied, the useful information word is determined as the recommended disclosure range determining unit 6 as a determination result. Output to. Further, if it is determined that the useful information word is not extracted from the words extracted by the condition extracting unit 2 and the criterion is not satisfied, the determination result indicates that the input information does not include any useful information word. The information is output to the disclosure recommended range determination means 6.

  Here, the usefulness determining means 4 included in the content determining means 111 determines whether or not the input information satisfies the criterion “any useful information word is included”, and the determination result is as follows. The case where a useful information word or the like is output to the recommended disclosure range determination means 6 has been described. As already described, the mode of determination processing by the content determination unit 111 is not limited to such a mode. For example, the usefulness determining unit 4 included in the content determining unit 111 may determine whether or not the input information satisfies a criterion “corresponds to any kind of useful information”. This determination process may be performed similarly to the process of the confidentiality determination unit 3. That is, the usefulness determination means 4 determines whether or not a useful information word is included in the words extracted by the condition extraction means 2 (including words derived by information structure analysis). If the useful information word is included, the information input to the information management system corresponds to the useful information, but the usefulness determination means 4 further determines how the information is based on the useful information word. It is judged whether it corresponds to various kinds of useful information. If it is determined that the input information corresponds to any kind of useful information, it is determined that the criterion is satisfied. If it is determined that the input information does not correspond to any kind of useful information, it is determined that the criterion is not satisfied. The relationship between the useful information word and the type of useful information (see FIG. 3) is stored in the condition definition database 101. If the usefulness determination means 4 determines whether or not the input information satisfies the criterion “corresponds to any kind of useful information”, the determination result is sent to the recommended disclosure range determination means 6. Output. The usefulness determination means 4 outputs what kind of useful information the input information corresponds to (or does not correspond to any kind of useful information) as a determination result. At this time, the useful information word included in the words extracted by the condition extraction unit 2 may also be output to the recommended disclosure range determination unit 6. The disclosure recommended range determination means 6 performs processing for determining whether or not the information input to the information management system is useful for each individual information reference person.

  A specific example of processing of the condition extraction unit 2, the confidentiality determination unit 3, and the usefulness determination unit 4 when information is input to the condition extraction unit 2 will be described below. Here, the usefulness determination means 4 determines whether or not the input information satisfies the criterion “include any useful information word”, and recommends disclosure of the useful information word as a determination result. An example of outputting to the range determination unit 6 will be described. FIG. 4A and FIG. 4B show examples of input information. Assuming that the information (document) shown in FIG. 4A is input, the condition extraction means 2 performs “next year business plan”, “proposal”, “September 30, 2003”, “system division first Extract nouns such as "Development Department" and "Hanako Suzuki". Further, the condition extraction means 2 recognizes that the “confidential” symbol is written in the upper right of the document, and as a result, derives the word “confidential”. The condition extraction unit 2 outputs each of these words to the confidentiality determination unit 3 and the usefulness determination unit 4. The confidentiality determination means 3 recognizes that “system business department first development department” is a word included in the superordinate concept “affiliation department” based on the rules stored in the condition definition database 101, Recognize that “Hanako Suzuki” is a word included in the superordinate concept of “name”. The confidentiality determination means 3 includes “confidentiality” and a word that belongs to the department (system development department first development department). Therefore, the document shown in FIG. (See FIG. 2A). Since the confidential information word “business plan” is also included, the confidentiality determination means 3 determines that the document shown in FIG. 4A also corresponds to confidential information classified as a trade secret (FIG. 2). (See (a).) As described above, one document may correspond to a plurality of types of confidential information. The confidentiality determination means 3 outputs information indicating that the document shown in FIG. 4A corresponds to a trade secret and a secret within the department of the system business department first development department to the disclosure possible range determination means 5. The usefulness determining means 4 determines that there is a useful information word “Proposal” in the words output by the condition extracting means 2 (see FIG. 3), and outputs the useful information word to the disclosed recommended range determining means 6. To do.

  If the information (document) shown in FIG. 4B is input, the condition extraction means 2 extracts nouns such as “topic”, “new product preview”, “guidance” (“new product”). "Introductory guide" may be extracted as a single noun.) Further, the condition extracting means 2 recognizes that “notes for handling” is written in the upper right of the document, and as a result, derives the word “notes for handling”. The condition extraction unit 2 outputs each of these words to the confidentiality determination unit 3 and the usefulness determination unit 4. Since the confidentiality determination means 3 includes the confidential information word “careful handling” in the word output by the condition extraction means 2, the confidential information in which the document shown in FIG. (See FIG. 2A). The usefulness determining means 4 determines that there is a useful information word “guidance” in the words output by the condition extracting means 2 (see FIG. 3), and the useful information word is sent to the recommended disclosure range determining means 6. Output.

  The disclosure possible range determination unit 5 determines the determination result by the confidentiality determination unit 3 (whether the input information corresponds to any type of confidential information or does not correspond to any type of confidential information), and the individual / organization Based on the storage contents stored in the information database 102 (corresponding to the information referer attribute storage means and the information reference person storage means), the disclosure possible range for the information input to the information management system is determined.

  The personal / organization information database 102 stores information representing individuals belonging to an organization (for example, a company) and information representing the attributes of each individual. FIG. 5 is an explanatory diagram showing an example of stored contents stored in the personal / organization information database 102. In FIG. 5, each item of “employee number”, “name”, “affiliation department”, “job title”, “field of responsibility”, “security correspondence”, and “related keyword” of an individual belonging to a company is stored in association with each other. An example of the case is shown. The “security correspondence” item indicates what kind of protection measures can be taken by the employee (information reference person). For example, if “fingerprint authentication device” is included in the “security correspondence” item, it means that the employee can refer to documents and data that require fingerprint authentication. Further, for example, if “personal certificate” is included in the “security correspondence” item, it means that the employee can refer to documents and data that require the personal certificate. In the “security correspondence” item illustrated in FIG. 5, “fingerprint authentication device” and “personal certificate” are illustrated, but the contents included in the “security correspondence” item are not limited to these two items. If other protection measures (for example, encryption of information) are adopted in the organization as protection measures for information, the “security measures” item for employees who can refer to the information for which the protection measures have been applied , Information indicating that the protection measure can be handled is stored. Further, the “related keyword” item is a keyword related to the information referer. For example, if a certain employee is engaged in a web service related business, the keyword “Web service” is stored as a related keyword as illustrated in FIG.

  In the example shown in FIG. 5, “employee number” and “name” are information representing an individual. “Department”, “Job title”, “Responsible field”, “Security support”, and “Related keywords” are information representing individual attributes. FIG. 5 shows an example of the contents stored in the personal / organization information database 102. Each item stored in the personal / organization information database 102 may not be the same as each item shown in FIG.

  As described above, the disclosure possible range determination unit 5 determines the disclosure possible range of information input to the information management system based on the type of confidential information and the stored contents of the personal / organization information database 102. At this time, the disclosure possible range determination means 5 uses information indicating the position of the information referer in the organization among the stored contents of the personal / organization information database 102. In the items illustrated in FIG. 5, the “affiliation department” item and the “job title” item are information indicating the position of the information reference person in the organization. Accordingly, the disclosure possible range determination unit 5 determines the disclosure possible range with reference to, for example, the “affiliation department” item and the “job title” item.

  The determination process of the disclosure possible range will be described more specifically. A rule indicating which type of confidential information can be referred to according to the position in the organization is determined in advance by the system administrator, and the disclosure possible range determination means 5 stores this rule in advance. Then, the disclosure possible range determination means 5 extracts the information referrer who can refer to the information from the personal / organization information database 102 based on the type of confidential information determined by the confidentiality determination means 3 according to the rule. The set of extracted information referers is within the disclosure possible range.

  As examples of rules, for example, “confidential information classified as trade secret or personal information can be referred to by any employee”, “confidential information classified as customer information belongs to the sales department. “Only employees can refer.”, “Confidential information classified as confidential within a department can be referenced only by employees belonging to that department (that is, the department included in the conditions used when it is determined that the confidential information is within the department). Is possible. " The disclosure possible range determination means 5 is based on the information output from the confidentiality determination means 3 and the “affiliation department” item and the “job title” item in the personal / organization information database 102 so as to satisfy each rule. Information referrers are extracted from the organization information database 102. A set of information referers extracted by the disclosure possible range determination means 5 is a disclosure possible range.

  In addition, for example, a rule that “everyone can refer to information that does not correspond to confidential information” is defined. If such a rule is set, when the confidentiality determination means 3 outputs a determination result that “the input information does not correspond to any kind of confidential information”, the disclosure possible range determination means 5 Extract referrers. That is, the set of all information referers is within the disclosure possible range.

  The confidentiality determination means 3 may determine the degree of confidentiality of information in addition to the type of confidential information to which the input information corresponds. And the disclosure possible range determination means may extract the information referrer based on the rule using the degree of confidentiality. For example, as a condition illustrated in FIG. 2A, if the condition “including a person's name and address” is satisfied once, it corresponds to personal information for one person. If it is satisfied, it corresponds to personal information for 50 people. Then, the greater the number of people, the higher the degree of confidentiality of the input information. In addition, it may be determined how many persons are included in the confidential information corresponding to the customer information. Also in this case, the number of customers becomes the degree of confidentiality. Although the case where the number of individuals or customers is set as the degree of confidentiality is shown here, the degree of confidentiality may be determined according to other criteria. Moreover, if a rule using the degree of confidentiality is defined in advance as a rule, information referers can be extracted according to the degree of confidentiality. As an example of a rule using the degree of confidentiality, for example, “information including personal information or customer information for 50 persons or more can only be referred to by a person with a position equal to or higher than the general manager”.

  The recommended disclosure range determination unit 6 determines the recommended disclosure range for information input to the information management system based on the result of the determination process executed by the content determination unit 111 (usefulness determination unit 4). Here, first, the usefulness determination means 4 determines whether or not the input information satisfies the criterion “includes any useful information word.” As a determination result, the useful information word or the like is determined. A case of outputting will be described. In this case, the recommended disclosure range determination unit 6 determines the recommended disclosure range based on the useful information word output by the usefulness determination unit 4 and the stored contents stored in the personal / organization information database 102. The recommended disclosure range determination unit 6 collates the useful information word output by the usefulness determination unit 4 with the related keywords of each employee (each information reference person) stored in the personal / organization information database 102. Then, it is determined whether or not there is a match or similar to the useful information word among the related keywords of one employee (information reference person), and the count value is incremented by 1 each time there is one match or similar. For example, assume that the usefulness determination means 4 outputs five types of useful information words W1 to W5. If W1, W3, W4, W6, and W7 are included in the related keywords of one employee (information reference person), the count value is 3 because three of W1, W3, and W4 match. If the count value obtained as a result of the collation is equal to or greater than a predetermined threshold value, the recommended disclosure range determination unit 6 determines that the input information is useful for the information reference person. In addition, when determining that it is not only a match (complete match) but similar, a database showing a correspondence relationship of synonymous words and a database for storing information on words in a similar relationship are prepared in advance. What is necessary is just to determine that a useful information word and a related keyword are similar using these databases. The recommended disclosure range determination means 6 performs such determination for each employee, and extracts employees whose count value is equal to or greater than a threshold value. The set of extracted employees is the recommended disclosure range.

  When the determination result that “the input information does not include any useful information word” is output from the usefulness determination unit 4, the disclosure recommendation range determination unit 6 does not extract any information referrer. As a result, the recommended disclosure range is an empty set.

  Further, here, the case where the useful information word and the related keyword are collated for each employee has been described as an example. In this case, the disclosure recommendation range determination means 6 extracts each related keyword of employees belonging to one group (here, a department), compares the related keyword with a useful information word, and calculates a count value. To do. If the count value is equal to or greater than a predetermined threshold value, it is determined that the input information is useful for each employee belonging to the department. This determination is performed for each department, and employees belonging to the department whose count value is equal to or greater than the threshold value are extracted. The set of extracted employees is the recommended disclosure range.

  The recommended disclosure range determination means 6 may collate the useful information word and the related keyword via the “field in charge” item instead of collating directly with the useful information word. In this case, a related keyword is defined for each “in-charge field”, and the related keyword corresponding to each in-charge field is stored in a storage device (may be the personal / organization information database 102). For example, related keywords such as “encryption”, “virus”, and “information leakage” are stored in correspondence with the field in charge of “security”. The recommended disclosure range determination means 6 refers to the “area in charge” item of the personal / organization information database 102 when collating one employee (or one department). Thereafter, the related keyword corresponding to the field in charge may be read from the storage device, and the related keyword and useful information word may be collated.

  The related keywords are stored in advance in the personal / organization information database 102 for each employee, for example, by a system administrator in advance. Also, the recommended disclosure range determination means 6 is extracted from information stored in the terminal device used by each information referer (or a terminal device shared by employees belonging to individual departments). The related keyword may be requested to be transmitted, and the related keyword received from the terminal may be stored in the personal / organization information database 102.

  FIG. 6 is a block diagram illustrating a configuration example of a terminal device used by each information reference person (or a terminal device shared by employees belonging to individual departments). In the terminal device 51, the storage device 54 stores a program 54a. The program 54a is a program that causes the control unit 52 to execute the same processing as the condition extraction unit 2 and the usefulness determination unit 4. The document storage device 53 stores a document 53 a collected by an information referer (or department) who uses the terminal device 51. The communication device 55 is an interface with a communication network (for example, the Internet, LAN, WAN, etc.), and transmits / receives information to / from the information management system shown in FIG. 1 via the communication network. The control unit 52 is requested to transmit a related keyword from the recommended disclosure range determination unit 6 via the communication network. Then, the control unit 52 executes the same processing as the condition extracting unit 2 and the usefulness determining unit 4 for the document 53a according to the program 54a. At this time, the control unit 52 may refer to the condition definition database via the communication device 55 and the communication network. As a result, the control unit 52 extracts useful information words from the document 53a. The control unit 52 transmits the useful information word extracted from the document 53a to the personal / organization information database 102 via the communication network as a related keyword of the information referrer who uses the terminal 51, and stores it. As described above, the related keyword of the information reference person or department may be collected from the terminal device of the information reference person or department and stored in the personal / organization information database 102.

  Next, regarding the processing of the recommended disclosure range determination means 6 when the usefulness determination means 4 determines whether or not the input information satisfies the criterion “corresponds to any kind of useful information.” explain. In this case, the disclosure recommendation range determination means 6 stores rules that are predetermined by a system administrator or the like. Then, according to the rules, the recommended disclosure range determination means 6 determines the result of determination by the usefulness determination means 4 (whether the input information corresponds to any kind of useful information or does not correspond to any kind of useful information) ) Is extracted from the personal / organization information database 102 to recommend information reference. The set of extracted information referers is the recommended disclosure range. As a rule stored in advance by the recommended disclosure range determination means 6, for example, “useful information classified as know-how is recommended to information referees in the position of“ in charge ”. When this rule is established and the usefulness determination means 4 outputs a determination result that “input information corresponds to know-how”, the recommended disclosure range determination means 6 refers to the information whose position is “in charge”. It is sufficient to extract a person and make it a disclosure recommended range. Further, using a useful information word, for example, a rule such as “information determined to be useful information by the useful information word W1 is recommended for information referees that include W1 as a related keyword.” It may be done. When this rule is established and the usefulness determination means 4 outputs the type of useful information and the useful information word W1 as the determination result, the information reference person including W1 in the related keyword is extracted and the recommended disclosure range do it. In addition, for example, a rule that “information not applicable to useful information is not recommended to anyone” is set. If such a rule is set, when the usefulness determination means 4 outputs a determination result that “the input information does not correspond to any kind of useful information”, the recommended disclosure range determination means 6 Do not extract. That is, the recommended disclosure range is an empty set.

  The information referer extraction process by the confidentiality determination unit 3 and the disclosure possible range determination unit 5 is an example of a suitable process by the confidentiality determination unit 3 and the disclosure possible range determination unit 5. The confidentiality determination unit 3 and the disclosure possible range determination unit 5 may extract information referers constituting the disclosure possible range by other methods. Similarly, the information referer extraction process by the usefulness determination unit 4 and the recommended disclosure range determination unit 6 is an example of a suitable process by the usefulness determination unit 4 and the recommended disclosure range determination unit 6. The usefulness determination unit 4 and the disclosure recommendation range determination unit 6 may extract information referers constituting the disclosure recommendation range by other methods.

  Next, the protective treatment effective range determination means 10 shown in FIG. 1 will be described. The protective treatment effective range determination means 10 determines the protective treatment effective range. “Protective treatment effective range” in the present embodiment (and the second embodiment described later) means that even if a protective measure for preventing unauthorized reference to input information is applied It is a set of information referers who can refer to information. As described above, when information is input to the information management system, it is determined in advance which type of protection measures will be applied to the information (or system management that performs operations such as input). Protective action is specified by the person). The protection measure effective range determination unit 10 refers to the “security correspondence” item in the stored contents of the personal / organization information database 102 and extracts information referees who can refer to the information on which the protection measure has been applied. A set of information referring persons extracted by the protective treatment effective range determination means 10 is a protective treatment effective range. For example, an information referer who includes “fingerprint authentication device” in the “security correspondence” item is a person who is permitted to refer to information that requires fingerprint authentication. Accordingly, when fingerprint authentication is defined as a protection measure for the input information, the protection measure effective range determination means 10 selects an information referrer that includes “fingerprint authentication device” in the “security correspondence” item. Extract.

  In some cases, a plurality of protective measures are determined in advance. In this case, the protection measure effective range determination means 10 refers to the “security correspondence” item and extracts information referers who can deal with all of the plurality of protection measures. For example, when a combination of protection measures “encryption, authentication by personal certificate, and fingerprint authentication” is defined, information referers that can handle all three types of protection measures are extracted.

  The information referer who belongs to any of the disclosure possible range, the disclosure recommended range, and the protective treatment effective range is represented by, for example, a name, but may be represented by a name other than the name. For example, it may be represented by an ID such as an employee number assigned to each person. Or you may represent by the identification number of the apparatus (terminal device) which the information reference person uses. Further, when all information referers belonging to a certain group or location are represented, the information referrer may be represented by the group name or group ID of the group or the location name or location ID of the location.

  The range comparison means 7 compares the disclosure possible range, the disclosure recommended range, and the protective treatment effective range. When comparing these three ranges, the range comparison means 7 determines the following seven subsets. The first subset is a set of information referers belonging to any of the disclosure possible range, the disclosure recommendation range, and the protective treatment effective range. The second subset is a set of information referers belonging only to the disclosure possible range. The third subset is a set of information referers who belong only to the recommended disclosure range. The fourth subset is a set of information referers who belong only to the protective treatment effective range. The fifth subset is a set of information referers who belong to the disclosure possible range and the protective treatment effective range but do not belong to the disclosure recommended range. The sixth subset is a set of information reference persons who belong to the disclosure recommendation range and the protective treatment effective range but do not belong to the disclosure possible range. The seventh subset is a set of information reference persons who belong to the disclosure possible range and the disclosure recommendation range but do not belong to the protective treatment effective range. If the range comparison means 7 determines each subset, the information reference person who belongs to each subset is memorize | stored in a memory | storage device (not shown in FIG. 1) for every subset. FIG. 7 shows an example of information referer stored for each subset when the subset is determined by comparing the disclosure possible range, the disclosure recommendation range, and the protective treatment effective range.

  The range display unit 8 is realized by, for example, a CPU that operates according to a program and a display device. The range display unit 8 displays each subset determined by the range comparison unit 7 using a GUI (Graphic User Interface). FIG. 8A is an explanatory diagram illustrating a display example when a Venn diagram is used as a GUI. In FIG. 8A, the first subset is represented as a range sa11 in which the disclosure possible range a1, the disclosure recommended range a2, and the protective treatment effective range a3 overlap. The second subset is represented as a range sa12 that does not overlap with the disclosure recommended range a2 and the protection treatment effective range a3 in the disclosure possible range a1. The third subset is represented as a range sa13 in the recommended disclosure range a2 that does not overlap with the disclosure possible range a1 and the protection measure effective range a3. The fourth subset is expressed as a range sa14 that does not overlap the disclosure possible range a1 and the disclosure recommended range a2 in the protective treatment effective range a3. The fifth subset is represented as a range sa15 that is an overlapping portion of the disclosure possible range a1 and the protective treatment effective range a3 and does not overlap with the recommended disclosure range a2. The sixth subset is represented as a range sa16 that is an overlapping portion of the disclosure recommendation range a2 and the protective treatment effective range a3 and does not overlap with the disclosure possible range a1. The seventh subset is an overlapping portion of the disclosure possible range a1 and the disclosure recommendation range a2, and is represented as a range sa17 that does not overlap with the protective treatment effective range a3.

  It is useful for an information referer belonging to the first subset (range sa11) to refer to the information input to the information management system without any problem in terms of confidentiality. An information referrer who should be recommended and determined to correspond to a predetermined protective action. The information referrer belonging to the second subset (range sa12) is an information referrer that has been determined to correspond to excessive disclosure and does not correspond to a predetermined protective measure. “Over-disclosure” means that there is no problem in maintaining confidentiality even if information input to the information management system is referred to, but the information cannot be effectively used even if the information is referred to. The information referrer belonging to the third subset (range sa13) is an information referrer that is determined to correspond to insufficient disclosure and does not correspond to a predetermined protective measure. “Insufficient disclosure” means that information can be effectively used by referring to information input to the information management system, but for confidentiality, reference should not be permitted. Information referrer belonging to the fourth subset (range sa14) corresponds to the prescribed protective measures, but it should be determined that the reference should not be permitted and the information cannot be used effectively for security reasons. Information referer. The information referrer belonging to the fifth subset (range sa15) is an information referrer that has been determined to correspond to excessive disclosure and correspond to a predetermined protective measure. The information referrer belonging to the sixth subset (range sa16) is an information referrer that is determined to correspond to a predetermined protective measure corresponding to insufficient disclosure. An information referer who belongs to the seventh subset (range sa17) has no problem in confidentiality even if referring to the information, and it is useful to refer to the information, and should be recommended. Information referrer that does not correspond to the prescribed protective measures.

  The range operation means 9 (corresponding to the range operation means and the designation means) is configured by a pointing device (for example, a mouse) that designates a part of the display screen. The range operation means 9 designates one of the ranges sa11 to sa17 according to the operation of the system administrator. When one of the ranges sa11 to sa17 is specified by the range operation unit 9, the range display unit 8 corresponds to the specified range from information (see FIG. 7) in which information referers are grouped for each subset. The information referrer to be extracted is displayed. FIG. 8B illustrates an example of the display of the information referrer when the range is designated. FIG. 8B shows a display example when the seventh subset (range sa17) is designated. Note that the range display unit 8 may display information of an information reference person corresponding to the range specified by the range operation unit 9 on a display device different from the display device that displays the GUI. Or you may memorize | store in the memory | storage device different from the memory | storage device which memorize | stores the information illustrated in FIG. Or you may transmit to an external apparatus via a communication network. Further, the range display means 8 may display the GUI representing each subset, and at the same time display the information referrer belonging to each subset for each subset.

  The system administrator can confirm the information referrer corresponding to each subset (range sa11 to sa17) and determine whether the confirmed information referer belongs to an appropriate subset. When the confirmed information reference person does not belong to an appropriate subset, the information management system accepts an operation for moving the information reference person to an appropriate subset. When the system administrator wants to move the information referrer to another subset, the system administrator performs an operation of dragging and dropping the displayed information referer to the range of the desired subset as shown in FIG. Just do it. The range display means 8 and the range operation means 9 of the information management system accept this drag and drop operation.

  For example, among each subset, an information referer who belongs to the seventh subset (range sa17) has no problem in confidentiality of information, and it is useful to refer to the information. There is a problem that it does not correspond to the protective measures applied to the information. Therefore, it is preferable that the information referer belonging to the seventh subset (range sa17) is moved to the first subset (range sa11). In this case, the system administrator displays the information referer belonging to the seventh subset as shown in FIG. 8B, and performs a drag-and-drop operation so as to move the information referer to the range sa11. At this time, the range display means 8 and the range operation means 9 accept this drag and drop operation. Then, the range display unit 8 notifies the protection measure changing unit 14 that the information referer belonging to the seventh subset (range sa17) has been dragged and dropped into the range sa11.

  Upon receiving this notification, the protection measure changing means 14 changes the protection measure defined for the input information. Note that the protection measure changing means 14 only changes the type of protection measure, and does not actually apply the protection measure to the information input to the information management system. The protection measure changing means 14 confirms the “security correspondence” item (see FIG. 5) of the information reference person who is the object of the drag-and-drop operation, and based on the content of the “security correspondence” item, the degree of safety is as much as possible. Select safeguards with a high level of safety (protection of information from unauthorized access). For example, the predetermined protective action for the input information was “encryption, authentication by personal certificate, and fingerprint authentication”, but the information referer who belongs to the seventh subset (range sa17) It is assumed that the “security correspondence” item in FIG. 3 does not include a fingerprint authentication device. This information reference person cannot cope with fingerprint authentication. The protection measure changing means 14 confirms the “security correspondence” item of the information referring person and selects a protection measure having the highest possible safety level. If it is determined based on the “Security Response” item that the most secure protection measure that this information reference can handle is “Encryption, Authentication with Personal Certificate, and Authentication with Password”, The action changing means 14 changes the protection action defined as “encryption, authentication by personal certificate, and fingerprint authentication” to “encryption, authentication by personal certificate, and authentication by password”.

  The protection measure changing unit 14 outputs the type of protection procedure after the change to the protection measure effective range determination unit 10. The protective treatment effective range determination means 10 re-determines the protective treatment effective range based on the changed protective treatment. The range comparison means 7 compares each range again according to the newly determined protection treatment effective range, and determines seven types of subsets. At this time, the protective treatment effective range determination means 10 also outputs information on the protective treatment after the change to the range comparison means 7. The range display unit 8 displays a GUI indicating the newly determined subset.

  However, even if the protection measure changing means 14 changes the protection measure, the seventh subset may not become an empty set only by switching information referers belonging to the seventh subset. In this case, the system administrator compares information referers belonging to the seventh subset before and after performing the drag-and-drop operation, and determines which of the protection measures before and after the drag-and-drop operation is preferable. to decide. Further, for example, the range comparison unit 7 may determine that the protection measure in which the number of information referers belonging to the seventh subset is smaller is appropriate. If the seventh subset becomes an empty set by the drag-and-drop operation, for example, the range comparison unit 7 determines that the protection treatment after the drag-and-drop operation is appropriate.

  Here, the operation in the case of moving the information referrer belonging to the seventh subset to the first subset has been described. The system administrator does not always instruct only the movement of information referers belonging to the seventh subset. For example, there is a case where a drag-and-drop operation is performed so as to move an information referer belonging to the third subset (range sa13) to the first subset (range sa11). When a drag-and-drop operation for moving an information reference from a certain range to another range is performed, the range display unit 8 outputs a message corresponding to the combination of the range before the movement and the range of the movement destination. This message is a message for instructing a work necessary for realizing the movement designated by the system administrator. FIG. 9 shows an example of a message displayed in response to a drag and drop operation. The content of the message varies depending on which range of information referer is moved to which range. The system administrator performs necessary work according to the message. For example, when a certain information reference belongs to a desired subset, the information reference stored in the personal / organization information database 102 is stored so that there is no contradiction even if the information reference belongs to the desired subset. Rewrite items related to the user (such as “security support” item and “related keyword” item). When the work necessary for realizing such movement is completed, the system administrator inputs the fact using an input means (not shown) such as a keyboard. This input means receives an input from the system administrator. The range comparison means 7 changes the subset to which the information referer belongs in response to a drag-and-drop operation performed by the system administrator, when it is input that the necessary work has been completed. Specifically, information (information illustrated in FIG. 7) indicating information referers belonging to each subset is updated.

  In addition, when an operation for moving an information reference person belonging to the seventh subset to the first subset is performed, as described above, the protection measure changing unit 14 performs a process of changing the protection procedure. Execute. However, even if an operation to move the information referrer belonging to the seventh subset to the first subset is performed, a message is output in the same way as for other moves, and the system administrator is notified. Necessary treatment may be prompted. In this case, the information management system may not include the protection measure changing unit 14.

  The system administrator examines whether the information referer belongs to an appropriate subset, and if there is an inappropriate case, performs an operation of moving the information referrer. If the examination result is satisfactory, the fact that the information referer belongs to an appropriate subset is input using an input means (not shown) such as a keyboard. This input means receives an input from the system administrator. When the information indicating that the information referer belongs to an appropriate subset is input, the protection measure application unit 11 illustrated in FIG. 1 performs a predetermined protection measure on the information input to the information management system. (Or output instructions to the system administrator to apply the protective action). For example, if a protective measure “encryption, authentication by personal certificate, and fingerprint authentication” has been determined in advance, a process of encrypting information input to the information management system is executed. Further, an instruction of a procedure for making it possible to refer to the information when both the authentication by the personal certificate and the authentication by the fingerprint is successful is output, and the system administrator is prompted to perform the procedure.

  However, as already described, the protection measure changing means 14 may change the type of protection measure that has been determined in advance. When the protection action changing means 14 changes the type of protection action, the protection action applying means 11 applies the changed protection action to the information input to the information management system (or the changed protection action is applied). Output instructions to the system administrator to apply.)

  Next, the information arrangement unit 12 shown in FIG. 1 will be described. The information management system includes a storage device (not shown in FIG. 1) for storing input information. This storage device may be a storage device that is housed in the same housing as the housing that houses the information management system shown in FIG. 1, or is connected to the information management system shown in FIG. 1 via a communication network. It may be a storage device. This storage device is provided with a storage area that can be accessed only by information referers belonging to the first subset (range sa11). That is, a storage area from which written information is read only when there is an information reference request from an information referer belonging to the first subset. The information arrangement unit 12 stores the information to which the protection procedure is applied by the protection procedure application unit 11 (or information in which an instruction is output to the system administrator to apply the protection procedure) in this storage area. As a result, only information referers belonging to the first subset (range sa11) can refer to this information, and those belonging to other subsets cannot refer to this information.

  Alternatively, instead of providing the storage device with a storage area that can be accessed only by information referers belonging to the first subset, a storage area that can be accessed only by information referers belonging to the disclosure possible range (range a1) may be provided. . That is, a storage area from which written information is read only when there is an information reference request from an information reference person belonging to the disclosure possible range may be provided. And the information arrangement | positioning means 12 may memorize | store information in this storage area. In this case, only the information referer who belongs to the disclosure possible range can refer to the input information, and the information referer who does not belong to the disclosure possible range cannot refer to the information.

  The notification means 13 notifies the information referer of the presence of newly input information (for example, the newly input information is stored in the storage device) and the method of referring to the information. At this time, the notification means 13 notifies at least information referers belonging to the first subset (range sa11). The information reference method includes information such as which storage area of which device should be accessed and what kind of authentication or decryption can be used to refer to the information.

  The notification means 13 may perform notification by sending e-mail, for example. Further, when sending an e-mail, an e-mail address is stored for each information reference person in the personal / organization information database, and the notification means 13 may send an e-mail using the e-mail address. .

  The information management system may include only one or two of the protection measure application unit 11, the information arrangement unit 12, and the notification unit 13. Or the structure which is not equipped with all the protection treatment application means 11, the information arrangement means 12, and the notification means 13 may be sufficient. Further, the order of the processing executed by the protection measure application unit 11, the information arrangement unit 12, and the notification unit 13 may be any order. For example, the processing by the information arrangement unit 12 may be executed after the notification processing by the notification unit 13 is completed.

  In the above description, a case where one piece of information (that is, one document or one piece of data) is input to the information management system has been described as an example. However, when a plurality of pieces of information are input or created, What is necessary is just to perform the same process sequentially with respect to each information.

  1, the condition extraction unit 2, the confidentiality determination unit 3, the usefulness determination unit 4, the disclosure possible range determination unit 5, the disclosure recommended range determination unit 6, the range comparison unit 7, the protective treatment effective range determination unit 10, The protection measure change unit 14, the protection measure application unit 11, the information arrangement unit 12, and the notification unit 13 are realized by a CPU that operates according to a program, for example. As already described, the range display means 8 is realized by a CPU and a display device that operate according to a program, for example. There may be one CPU that realizes each means.

  In the above description, an example in which a Venn diagram is used as a GUI is shown. Hereinafter, a display example of a subset when an icon and a window indicating a folder are used as a GUI will be described. FIG. 10 is an explanatory diagram showing an example of display when icons and windows are used as GUIs. Three folders (icons) shown in FIG. 10A correspond to the disclosure possible range, the disclosure recommendation range, and the protective treatment effective range, respectively. The disclosure possible range folder f1 is a folder including information referers belonging to the disclosure possible range. The recommended disclosure range folder f2 is a folder including information referers belonging to the recommended disclosure range. The protective treatment effective range folder f3 is a folder including information referers belonging to the protective treatment effective range. When each of the folders f1 to f3 is designated by the range operation means 9, the range display means 8 displays a window showing the contents of the designated folder.

  When the range display unit 8 displays a window, the range display unit 8 displays icons in the window as follows. When the designated folder (range) includes a subset in which the designated range and the range not yet designated are included, the range display means 8 uses the folder indicating the subset as an icon. indicate. Further, when an information referrer that does not belong to a range not yet designated is included in the designated folder, an icon indicating the information referer is displayed.

  A case where the disclosure possible range f1 is designated will be described as an example. When the disclosure possible range folder f1 is designated, the range display means 8 displays a window w1 illustrated in FIG. The openable range folder f1 includes a subset in which the specified openable range and the recommended open disclosure range that has not been specified yet overlap. Therefore, the range display unit 8 displays the folder f4 (disclosure recommended range folder f4) indicating this subset in the newly opened window w1. In addition, the disclosure possible range folder f1 includes a subset in which the designated disclosure possible range and the protection treatment effective range not yet designated overlap. Therefore, the range display means 8 displays the folder f5 (protective treatment effective range folder f5) indicating this subset in the newly opened window w1. Further, the range display means 8 represents an information reference person who is an information reference person included in the disclosure possible range folder f1 and has not yet been specified and belongs to the recommended disclosure range and the protection action effective range. It is displayed as an icon (icon f6 in the example shown in FIG. 10B). In the window w1 shown in FIG. 10B, the recommended disclosure range folder f4 corresponds to the union of the ranges sa11 and sa17 shown in FIG. The protective treatment effective range f5 corresponds to the union of the ranges sa11 and sa15 shown in FIG. The icon f6 indicates an information referer who belongs to the range sa12 shown in FIG.

  Furthermore, it is assumed that the recommended disclosure range folder f4 shown in FIG. In this case, the range display unit 8 displays a window w2 illustrated in FIG. The recommended disclosure range folder f4 includes a subset in which the specified range and the protection action effective range not yet specified overlap. Therefore, the range display means 8 displays the folder f7 (protective treatment effective range folder f7) indicating this subset in the newly opened window w2. In addition, the range display means 8 is an icon that represents an information referrer himself / herself who is an information referer included in the recommended disclosure range folder f4 and does not belong to the protection measure effective range not yet designated (FIG. 10). In the example shown in (c), it is displayed as icons f8, f9). The protective treatment effective range folder f7 corresponds to the range sa11 shown in FIG. Accordingly, when the protection measure effective range folder f7 is designated, the range display means 8 displays the icons of information referers belonging to the range sa11 in a new window w2. Icons f8 and f9 indicate information referers belonging to the range sa17 shown in FIG.

  Here, the case where the disclosure possible range folder f1 shown in FIG. 10 (a) and the recommended disclosure range folder f4 shown in FIG. 10 (b) are specified has been described as an example. The range display means 8 displays a new window in the same manner. Note that icons representing the sets (for example, icons f1 to f5 and f7) correspond to first icons. Icons indicating information referers (for example, icons f6, f8, and f9) correspond to second icons.

  When the icon illustrated in FIG. 10 is displayed, the range display unit 8 and the range operation unit 9 may accept a change of the subset to which the information referer belongs by dragging and dropping the icon. For example, the icons f8 and f9 belong to the seventh subset (range sa17 shown in FIG. 8). However, it is not preferable that there is an information referrer belonging to the seventh subset. In such a case, the range display unit 8 and the range operation unit 9 accept an operation of moving the icons f8 and f9 to another folder (for example, the protective treatment effective range folder f7 corresponding to the range sa11) by drag and drop. May be. The operation of the information management system when a drag-and-drop operation for moving an icon indicating an information referrer to a folder is performed is the same as the operation when the Venn diagram is a GUI.

  For example, when a drag-and-drop operation for moving an icon indicating an information referer belonging to the seventh subset to the protection treatment effective range folder f7 (representing the first subset) is performed, the protection treatment changing unit 14 , Change the predetermined protective measures. The protective treatment effective range determination means 10 re-determines the protective treatment effective range based on the changed protective treatment. The range comparison means 7 compares each range again according to the protective treatment effective range. Then, the range display unit 8 displays a GUI indicating the newly determined subset.

  When a drag and drop operation for moving an icon indicating a certain information reference person to another folder is performed, the range display means 8 outputs a message corresponding to the combination of the range before the move and the range of the move destination. Encourage the system administrator to take necessary actions. Even when an operation to move an information referrer belonging to the seventh subset to the first subset is performed, a message is output in the same manner as for other moves, which is necessary for the system administrator. You may make it prompt treatment. In this case, the information management system may not include the protection measure changing unit 14.

  According to the information management system as described above, from the three viewpoints of the confidentiality and usefulness of information and whether the information referer corresponds to the protective measure, what kind of set each information referer belongs to. It can be easily confirmed. Therefore, it is possible to easily confirm to which information reference the information is disclosed. Further, the system administrator can examine whether or not the set to which each information reference belongs is appropriate, and can change the set to which each information reference belongs to be appropriate. Therefore, it is possible to prevent the use of useful information from being lost by determining the disclosure range of information based only on the confidentiality of information. Even if the conditions illustrated in FIGS. 2 and 3, the contents stored in the personal / organization information database 102, and the rules used by the disclosure possible range determination means 5 are inappropriate, , Making it easier to find inappropriate parts. In addition, even if there is a change in the organization, it is possible to easily confirm to which information reference the information will be disclosed by updating the contents of the personal / organization information database according to the change. it can. Therefore, the work burden of the system administrator is reduced and the burden of cost is also reduced (for example, there is no need to request an outside person to perform auditing).

  Next, a modification of the first embodiment will be described.

  In the configuration shown in FIG. 1, in the content determination unit 111, the condition extraction unit 2 is shown separately from the confidentiality determination unit 3 and the usefulness determination unit 4. The condition extracting unit 2 outputs each word extracted from the input information and a word derived by the structural analysis of the information to the confidentiality determining unit 3 and the usefulness determining unit 4. Instead of such a configuration, the confidentiality determination determination means 3 and the usefulness determination means 4 include the function of the condition extraction means 2, and the confidentiality determination determination means 3 and the usefulness determination means 4 respectively perform word extraction and structural analysis. It is good also as a structure which derives | leads-out the word by.

  In the configuration shown in FIG. 1, the individual / organization information database 102 stores both information representing individuals and information representing the attributes of each individual, and the disclosure possible range determination means 5 and the recommended disclosure range determination means 6 The information referrer is extracted from the personal / organization information database 102. Information representing an individual and information representing an attribute of each individual are stored in separate databases, and a database different from a database storing information representing an attribute of each individual (stores information representing an individual) A configuration may be adopted in which information referrers are extracted from a database. However, in this case, in the database that stores information representing the attributes of each individual, each individual is identified in order to indicate who the attributes of “affiliation department”, “security support”, and “related keywords” are. The identification information to be associated is associated with.

  FIG. 11 shows an example of a database that stores information representing attributes (hereinafter referred to as an attribute database) and a database that stores information representing individuals (hereinafter referred to as a personal database). As shown in FIG. 11, the attribute database 301 (information referrer attribute storage means) stores each person's attributes (for example, the department to which the person belongs) together with the identification information of each person. The personal database 302 (information reference person storage means) stores information (for example, employee number, name, etc.) representing an individual together with identification information of each individual. However, the personal database 302 may store personal information for which no attribute is stored in the attribute database 301. In the example illustrated in FIG. 11, the attribute database 301 does not store the attribute “Hiroshi Kawakami”, but the personal database 302 stores information “Hiroshi Kawakami”.

  Then, the disclosure possible range determination unit 5 and the disclosure recommended range determination unit 6 may extract an individual from the personal database 302 as an information reference person even if the attribute is not stored in the attribute database 301. If, for example, information indicating that an individual whose attribute is not stored in the attribute database 301 has the same attribute as any of the individuals whose attribute is stored in the attribute database 301 is stored in the personal database 302, for example. Good. Then, based on the information, an individual whose attributes are not stored in the attribute database 301 may be extracted as an information reference person. For example, information “Hiro Kawakami and Saburo Nomura have similar attributes” is stored in the personal database 302 shown in FIG. The disclosure possible range determination unit 5 and the disclosure recommendation range determination unit 6 determine that “Saburo Nomura” is extracted based on the output result of the confidentiality determination unit 3 or the usefulness determination unit 4 and the attribute database 301. To do. At this time, based on the information that “Hiroshi Kawakami and Saburo Nomura have similar attributes”, “Hiro Kawakami” is extracted together with “Saburo Nomura”. Thus, even if the attribute of “Hiro Kawakami” is not stored in the attribute database 301, “Hiro Kawakami” can be extracted.

  In addition, the disclosure possible range determination means 5 extracts information referers constituting the disclosure possible range according to a predetermined rule. It is possible to extract “a person who may be an information reference person who constitutes the information, but cannot be said to be an information reference person who certainly constitutes the disclosure possible range”. An example of such a case will be described. The confidentiality determination unit 3 determines that the word output by the condition extraction unit 2 is “address” or the like in accordance with the rules illustrated in FIG. 2B (the rules for the arrangement of words to be included in the superordinate concept). It is determined whether it is included in the superordinate concept. Then, according to the determination result, it is determined whether the information input to the information management system corresponds to personal information or the like. However, there are some cases where words in the rules are similar but not exactly the same. For example, "Regional word", "Any city, road, prefecture, or prefecture", "Area word", "A city, ward, town, or village word", "Number 2 ”,“ chome ”,“ number ”, and“ number ”do not have“ number ”and“ number ”, and are defined as shown in FIG. Is not exactly the same as However, since the word sequences are similar as shown in FIG. 2B, the confidentiality determination unit 3 determines that there is a possibility that the word is included in the concept of “address”. Furthermore, the confidentiality determination unit 3 determines that the information input to the information management system may correspond to personal information or the like based on the determination result, and sends the determination result to the disclosure possible range determination unit 5. Output. When the determination result that “the information input to the information management system may correspond to personal information or the like” is input, the disclosure possible range determination unit 5 assumes that the information is personal information. Information referrers are extracted according to the rules. The person extracted as a result corresponds to “a person who may be an information reference person who constitutes the disclosure possible range but cannot be said to be an information reference person who certainly constitutes the disclosure possible range”.

  As described above, the confidentiality determination unit 3 determines that “the input information is one of the types of confidential information (2) based on the word determined by the condition extraction unit 2 as being possibly a confidential information word. It may be more than one.) ”. Based on the determination result, the disclosure possible range determination means 5 may extract the information reference person on the assumption that the input information is a specific type of confidential information. The information referrer extracted in this way is “a person who may be an information referer that constitutes the disclosure possible range but cannot be said to be an information referrer that certainly constitutes the disclosing possible range”. .

  Similarly, the disclosure recommendation range determination means 6 also extracts “a person who may be an information reference person who constitutes the disclosure recommendation range but cannot be said to be an information reference person who definitely constitutes the disclosure recommendation range”. May be. For example, if the count value obtained by matching related keywords with useful information words is less than a threshold value but the difference between the count value and the threshold value is within a predetermined value, It may be extracted as “a person who may be an information referrer who does not necessarily be an information referrer who constitutes the recommended disclosure range”.

  In addition, when the usefulness determination unit 4 determines whether the input information satisfies the criterion “corresponds to any kind of useful information.”, “Information constituting the recommended disclosure range” A person who may be a reference person but cannot be said to be an information reference person who certainly constitutes the recommended disclosure range may be extracted as follows. When the information input from the condition extracting unit 2 includes a word similar to the useful information word, the usefulness determining unit 4 determines that “the input information is the kind of useful information. 1 (may be more than one). ”. Then, the usefulness determination unit 4 outputs the determination result to the disclosed recommended range determination unit 6. Based on the determination result, the disclosure recommendation range determination unit 6 may extract information referers assuming that the information input to the information management system is a specific type of useful information. In this case, the recommended disclosure range determination means 6 stores rules in advance and extracts information referers according to the rules. The information referrer thus extracted is “a person who may be an information referer constituting the recommended disclosure range but cannot be said to be an information referrer that certainly constitutes the recommended disclosure range”. is there.

  The range display means 8 is “a person who may be an information reference who constitutes the disclosure possible range, but cannot be said to be an information reference who reliably constitutes the disclosure possible range” and “the disclosure recommended range. A set that includes a person who may be an information referrer who constitutes the information but is not necessarily an information referer who constitutes the recommended disclosure range is defined as a set of persons who cannot be clearly determined It may be displayed as “a certain set”. When the Venn diagram is a GUI, the range display means 8 sets the “collection of persons who cannot be clearly determined” to the disclosure possible range a1, the disclosure recommended range a2, the protective treatment effective range a3 illustrated in FIG. Display so as not to overlap. In addition, when the icons and windows are GUIs, the range display means 8 is a fourth indicating “a group of persons who cannot be clearly determined” separately from the three folders f1 to f3 shown in FIG. You can display the folder. When this folder is designated, the range display means 8 opens a new window, in which “there may be an information reference person who constitutes the disclosure possible range, but the information reference that reliably constitutes the disclosure possible range” is displayed. An icon indicating "person who cannot be said to be a person" and a person who may be an information reference person constituting the recommended disclosure range but cannot be said to be an information reference person constituting the recommended disclosure range. "Is displayed.

  Further, in the above configuration, the range comparison unit 7 compares the three ranges of the disclosure possible range, the disclosure recommendation range, and the protective treatment effective range, and each subset based on the overlap of the three ranges is displayed as the range display unit 8. Is displayed. The range comparison means 7 may compare two ranges among the disclosure possible range, the disclosure recommended range, and the protective treatment effective range. When comparing two ranges, three sets are obtained: a set of information referers belonging to only one range, a set of information referers belonging to only the other range, and a set of information referers belonging to both ranges. It is done. The range display means 8 may display these three sets. When the range is designated by the range operation means 9, the information referer belonging to the range is displayed and the information referrer moving process by drag and drop is accepted as in the case described above.

  For example, after the range display unit 8 displays each subset based on the overlap of the three ranges of the disclosure possible range, the disclosure recommended range, and the protective treatment effective range (for example, the display illustrated in FIGS. 8 and 10 is performed). After that, the range comparison unit 7 compares two ranges of the disclosure possible range, the disclosure recommended range, and the protective treatment effective range in accordance with an instruction from the system administrator. Based on the comparison result of the two ranges, the range display unit 8 may display each set again.

  Alternatively, the configuration may be such that only two ranges are compared without comparing the three ranges of the disclosure possible range, the disclosure recommended range, and the protective treatment effective range. When the range comparison unit 7 performs only a comparison between the disclosure possible range and the disclosure recommended range, the information management system may not include the protective treatment effective range determination unit 10. Further, when the range comparison unit 7 performs only a comparison between the disclosure possible range and the protective treatment effective range, the information management system may not include the usefulness determination unit 4 and the disclosure recommended range determination unit 6. Further, when the range comparison unit 7 performs only the comparison between the recommended disclosure range and the protection action effective range, the information management system may not include the confidentiality determination unit 3 and the disclosure possible range determination unit 5.

  Hereinafter, a case where the range comparison unit 7 compares the disclosure possible range and the disclosure recommended range will be described. When comparing these two ranges, the range comparison means 7 determines the following three subsets. The first subset is a set of information referers belonging to both the disclosure possible range and the disclosure recommended range. The second subset is a set of information referers belonging only to the disclosure possible range. The third subset is a set of information referers who belong only to the recommended disclosure range. If the range comparison means 7 determines each subset, the information reference person who belongs to each subset is memorize | stored in a memory | storage device (not shown in FIG. 1) for every subset. FIG. 12 shows an example of information referrers stored for each subset.

  Even when a subset is determined by comparing the two ranges of the disclosure possible range and the recommended disclosure range, the range display unit 8 displays each determined subset using the GUI. FIG. 13A is an explanatory diagram illustrating a display example when a Venn diagram is used as a GUI, as in FIG. In FIG. 13A, the first subset is represented as a range sa1 in which the disclosure possible range a1 and the disclosure recommended range a2 overlap. The second partial matching is represented as a range sa2 that does not overlap with the recommended disclosure range a2 in the disclosure possible range a1. The third partial collation is expressed as a range sa3 that does not overlap with the disclosure possible range a1 in the recommended disclosure range a2.

  It is useful for an information referer belonging to the first subset (range sa1) to refer to the information input to the information management system without any problem in terms of confidentiality. Information referrer determined to be recommended. An information referrer belonging to the second subset (range sa2) may be overdisclosed (referring to information input to the information management system has no problem in maintaining confidentiality. It is an information referrer that is determined not to be used effectively. Information referrers belonging to the third subset (range sa3) are insufficiently disclosed (the information can be used effectively by referring to the input information, but should not be allowed to be referenced in order to maintain confidentiality. ) Is an information referrer determined to be.

  When one of the ranges sa1 to sa3 is designated by the range operation unit 9, the range display unit 8 extracts information referers corresponding to the range from information (see FIG. 12) collected for each subset. And display. FIG. 13B illustrates an example of display of an information referrer when the range is designated. FIG. 13B shows a display example when the third subset (range sa3) is designated. Note that the range display unit 8 may display information of an information reference person corresponding to the range specified by the range operation unit 9 on a display device different from the display device that displays the GUI. Or you may memorize | store in the memory | storage device different from the memory | storage device which memorize | stores the information illustrated in FIG. Or you may transmit to an external apparatus via a communication network. Further, the range display means 8 may display the GUI representing each subset, and at the same time display the information referrer belonging to each subset for each subset.

  The system administrator can confirm the information referrer corresponding to each subset (range sa1 to sa3), and can specifically examine whether the confirmed information referer belongs to an appropriate subset. As a result of the examination, if the system administrator determines that the information referrer should be changed to belong to another subset, an operation of moving the information referer may be performed. For example, when it is determined that a part or all of information referers belonging to the third subset are moved to the first subset (range sa1), each information reference displayed as shown in FIG. What is necessary is just to perform drag and drop operation so that a person may be moved to range sa1 shown to Fig.13 (a).

  When the drag-and-drop operation is performed, the range display unit 8 outputs a message corresponding to the combination of the range before the movement and the range of the movement destination. The content of the message varies depending on which range of information referer is moved to which range. The system administrator performs necessary work according to the message. When the work is completed, the system administrator inputs the fact using an input means (not shown) such as a keyboard. This input means receives an input from the system administrator. The range comparison means 7 changes the subset to which the information referer belongs in response to a drag-and-drop operation performed by the system administrator, when it is input that the necessary work has been completed. Specifically, information (information illustrated in FIG. 12) indicating information referers belonging to each subset is updated. This operation is the same as the operation already described.

  Here, the case where the Venn diagram is a GUI has been described, but an icon and a window may be a GUI. In this case, the range display unit 8 may display the disclosure possible range folder f1 and the recommended disclosure range folder f2 shown in FIG. When the disclosure possible range folder f1 is designated, the range display means 8 newly opens a window. Then, a folder indicating a subset in which the designated disclosure possible range and the disclosure recommendation range that has not been designated yet overlap (that is, the range sa1 shown in FIG. 13), and an information reference who belongs only to the designated disclosure possible range An icon indicating is displayed in the window. The same applies to the case where the recommended disclosure range folder f2 is designated.

  As described above, when comparing the disclosure possible range and the disclosure recommended range, from the two viewpoints of information confidentiality and usefulness, we confirm what set each information referer belongs to, It is possible to easily confirm to whom information reference is disclosed. In addition, the system administrator can consider whether the set to which each information reference belongs is appropriate, and can change the set to which each information reference belongs so that it becomes appropriate. It is possible to prevent the opportunity from being lost. Further, it becomes easy to find an inappropriate part such as the conditions illustrated in FIGS. 2 and 3 in the examination process by the system administrator. Furthermore, even if there is an organizational change, it is possible to easily confirm to which information reference the information will be disclosed by updating the contents of the personal / organization information database according to the change. it can. Furthermore, the work burden and cost burden on the system administrator are reduced.

  Here, the case where the disclosure possible range and the disclosure recommendation range are compared has been described. The range comparison unit 7, the range display unit 8, and the range operation unit 9 are the same even when comparing the disclosure possible range and the protective treatment effective range, or comparing the disclosure recommended range and the protective treatment effective range. May be performed.

  When comparing the scope of disclosure and the effective scope of protective measures, in addition to the effects such as easy confirmation of the scope of information referees, easy discovery of inappropriate parts such as conditions, work burden, and reduction of cost burden, The following effects can be obtained. Even a person who should be able to refer to certain information without any problem in terms of confidentiality will not be able to refer to the information unless the protection measures applied to the information are dealt with. However, it should be possible to refer to the information without any security problem by comparing the disclosureable range and the protective action effective range, and confirming the information referer who belongs to the protective action effective range. It is possible to extract information referrers that do not correspond to. Then, it is possible to prompt the information reference person to take a procedure for dealing with the protective measure.

  In addition, if each individual can respond to the protective measures applied to the information and the types of the protective measures are appropriately determined for each individual, the difference between the disclosure possible range and the effective range of the protective measures is reduced. (Or no difference). Therefore, on the assumption that each individual can respond to the protective measures applied to the information and the types of the protective measures are appropriately determined for each individual, the recommended disclosure range and the protective measures When the effective range is compared, the same effect can be obtained as when the disclosure possible range and the recommended disclosure range are compared.

Embodiment 2. FIG.
FIG. 14 is a functional configuration diagram illustrating an example of a functional configuration of the information management system according to the second embodiment. Components that realize the same functions as those of the first embodiment are denoted by the same reference numerals as those in FIG. 1 and description thereof is omitted. In the first embodiment, newly input or created information becomes the information resource 1, whereas in the second embodiment, an information referrer registered in the personal / organization information database 102 refers to it. Information already distributed in a ready state (or information stored in an internal or external storage device of the information management system) becomes the information resource 1. In the second embodiment, the information input to the information management system has already been referred to (or can be referred to), and some protective measures have been taken. An attribute indicating this protection measure is added to the information input to the information management system. Information that is already distributed in a state that can be referred to by an information referer, or information that is stored in an internal or external storage device of the information management system can be referred to by an “information referer” in the claims. It corresponds to “predetermined predetermined information”.

  The current disclosure range determination means 15 shown in FIG. 14 determines the current disclosure range. The “current disclosure range” is a set of information referers who can actually refer to input information that is already in a referenceable state. Although it is already in a state where it can be referred to, since a protective measure is taken, a person who does not support the protective measure cannot refer to it. Furthermore, even if it is indicated in the “security correspondence” item (see FIG. 5) that a certain information reference person corresponds to a certain protective measure, information cannot be referred to in the following cases. For example, an information referer does not have a device for referring to information on which protection measures are applied, or application software corresponding to the protection measures applied to information is provided on a terminal device used by the information referrer. If it is not installed, the information cannot be referenced. In addition, for example, when an information reference person goes to a place where a device corresponding to a protection measure is not arranged due to a business trip or the like, information cannot be referred to.

  In general, when the information reference indicates that the information reference corresponds to a certain protective measure in the “security correspondence” item, the information reference indicates that a device or a device for referring to the information on which the protective measure has been applied. It is considered to have application software. However, due to delays in the arrangement of devices and application software, the fact that the device corresponds to the protection measure is stored in the “security response” item, but the device has not actually arrived at the information referer. Deficiencies can occur. On the other hand, although the device or the like has already been arranged and delivered to the information referrer, it is not stored in the “security correspondence” item of the personal / organization information database 102 that the protection measure is supported. Management deficiencies can also occur.

  Here, the “current disclosure range” is determined using a database (hereinafter referred to as an IT resource management database) that stores information processing apparatuses and application software used by each information referer for each information referer belonging to the organization. An example of this will be described. In FIG. 14, the IT resource management database is not shown. In the IT resource management database, the fact that devices and application software are associated with each information referer means that the device or the like actually exists under the information referrer and can be used. Means. For example, when the IT resource management database stores “information reference person A” and “application software for driving the fingerprint authentication apparatus and fingerprint authentication apparatus” in association with each other, the information reference person A actually The fingerprint authentication device and its application software can be used.

  The current disclosure range determination means 15 determines an attribute (attribute indicating what kind of protection measure is applied) added to information input to the information management system. Then, an information referrer provided with a device or application software necessary for referring to the information subjected to the protection processing is extracted from the IT resource management database. A set of information referers extracted by the current disclosure range determination means 15 becomes the current disclosure range.

  Further, as in the first embodiment, the protection measure effective range determination unit 10 collates the attribute added to the information input to the information management system with the “security correspondence” item to input information A set of information referrers who can refer to is extracted. A set of information referring persons extracted by the protective treatment effective range determination means 10 becomes the protective treatment effective range.

  As described above, when the information reference indicates that the protection measure corresponds to the protection measure, the information reference is used to refer to the information to which the protection measure is applied. It is common to have a device or the like. Therefore, in many cases, the protective treatment effective range coincides with the current disclosure range. However, if there is a delay in arrangement of the device with respect to the information reference, the information reference is not included in the current disclosure range, and the current disclosure range is a subset of the protective treatment effective range. Conversely, if the device etc. arrives at the information referrer before storing the appropriate contents in the “security response” item, the information referer belongs to the current disclosure range, but does not belong to the protection measure effective range. (Protective treatment coverage is a subset of the current disclosure scope).

  The range comparison means 7 compares the disclosure possible range, the disclosure recommended range, the protective treatment effective range, and the current disclosure range, and sets a subset of a portion where each range does not overlap, a subset of a portion where two ranges overlap, A subset of portions where one range overlaps and a subset of portions where four ranges overlap are determined.

  The range display unit 8 displays each subset determined by the range comparison unit 7 using a GUI. FIG. 15 is an explanatory diagram illustrating a display example when a Venn diagram is used as a GUI. FIG. 15 shows a case where the current disclosure range a4 is a subset of the protective treatment effective range a3. In the display example shown in FIG. 15, the range sa12 is a subset similar to the subsets indicated by the range sa12, the range sa13, and the range sa17 in FIG.

  A range sa11 illustrated in FIG. 15 is a range in which the disclosure possible range a1, the disclosure recommended range a2, the protective treatment effective range a3, and the current disclosure range a4 overlap. It is determined that the subset indicated by the range sa11 is appropriate to refer to the input information from the viewpoint of confidentiality and usefulness, and is registered in the personal / organization information database 102 as corresponding to the protection processing of the information. This is a set of information referees who can actually refer to the information.

  The range sa30 is a range that does not overlap with the current disclosure range a4 among the ranges in which the disclosure possible range a1, the disclosure recommended range a2, and the protective treatment effective range a3 overlap. It is determined that it is appropriate to refer to the input information from the viewpoint of confidentiality and usefulness, and the subset indicated by the range sa30 is registered in the personal / organization information database 102 as corresponding to the protection processing of the information. Although it is, it is a set of information referees who cannot refer to the information because the device or the like is not actually arranged.

  The range sa14 is a range which does not overlap with the disclosure possible range a1 and the disclosure recommended range a2 among the ranges where the protective treatment effective range sa3 and the current disclosure range sa4 overlap. The subset indicated by the range sa14 is determined to be inappropriate for referring to the input information from the viewpoint of confidentiality and usefulness, but corresponds to a protection process for the information in the personal / organization information database 102. And a set of information referees who can actually refer to the information.

  The range sa15 is a range that does not overlap with the recommended disclosure range a2 among the ranges where the disclosure possible range a1, the protective treatment effective range a3, and the current disclosure range a4 overlap. The subset indicated by the range sa15 is not useful even if the input information is referred to, but there is no security problem, and it is registered in the personal / organization information database 102 as corresponding to the protection processing of the information. This is a set of information referees who can actually refer to the information.

  The range sa16 is a range that does not overlap with the disclosure possible range a1 among the ranges in which the recommended disclosure range a2, the protective treatment effective range a3, and the current disclosure range a4 overlap. Although it is determined that the subset indicated by the range sa16 is not appropriate to refer to the input information from the viewpoint of confidentiality, it is useful to refer to the information, and in the personal / organization information database 102, It is a set of information referrers who are registered as supporting information protection measures and can actually refer to the information.

  The range sa32 is a range that does not overlap with the recommended disclosure range a2 and the current disclosed range a4 among the ranges in which the disclosure possible range a1 and the protective treatment effective range a3 overlap. The subset indicated by the range sa32 is determined to be appropriate to refer to the input information from the viewpoint of confidentiality, but it is not useful to refer to the information, and in the personal / organization information database 102, This is a set of information referrers who are registered as corresponding to the protection process of the information but cannot actually refer to the information.

  The range sa33 is a range that does not overlap with the disclosure possible range a1 and the current disclosure range a4 among the ranges where the disclosure recommended range a2 and the protective treatment effective range a3 overlap. The subset indicated by the range 33 is determined not to be appropriate to refer to the input information from the viewpoint of confidentiality, but it is useful to refer to the information, and in the personal / organization information database 102, It is a set of information referrers who are registered as supporting information protection measures but cannot actually refer to the information.

  The range sa31 is a range that does not overlap with the disclosure possible range a1, the disclosure recommendation range a2, and the current disclosure range a4 in the protective treatment effective range a3. The subset indicated by the range 31 is determined not to be appropriate to refer to the input information from the viewpoint of confidentiality and usefulness, and corresponds to a protection process for the information in the personal / organization information database 102. Although it is registered, it is a set of information referrers who cannot actually refer to the information.

  When the range is specified by the range operation unit 9, the range display unit 8 displays information referers belonging to the range. Therefore, for example, the system administrator can specify the range sa30 and the like, and can confirm information referees who are registered as corresponding to the protective measures but cannot actually refer to the information. As a result, it is possible to perform procedures such as expediting arrangements for a device or the like for referring to information on which the protective treatment has been performed. FIG. 15 shows the case where the current disclosure range a4 is a subset of the protection treatment effective range a3. However, the protection treatment effective range a3 may be a subset of the current disclosure range a4. In this case, although the arrangement of the device for referring to the protected information is completed, the information that is not registered in the personal / organization information database 102 as being protected is referred. Person can be confirmed.

  Also in this embodiment, the same effect as in the first embodiment can be obtained.

  14 is stored in a storage area other than the storage area accessible only to information referers belonging to the first subset (range sa11). The information is moved to a storage area that can be accessed only by information referers belonging to the first subset. Alternatively, when the information that becomes the information resource 1 is stored in a storage area other than the storage area that can be accessed only by the information referer belonging to the disclosure possible range, the arrangement changing unit 17 belongs to the disclosure possible range. You may perform the process which moves to the storage area which only an information reference person can access.

  In the present embodiment, a high-priority range for problem solving may be determined in advance, and a list of information referers belonging to a subset of the range may be displayed simultaneously with displaying the GUI. For example, it is determined in advance that the priority of problem solving that sa16 or sa30 is not an empty set is high, and the GUI illustrated in FIG. 15 is displayed, and at the same time, a list of information referers belonging to sa16 and sa30 is displayed for each range. May be. Alternatively, the list information of the information referrer may be stored in a storage device or output to an external device via a communication network.

  Moreover, in this Embodiment, the structure which compares any one or two of the disclosure possible range, a disclosure recommendation range, and a protective treatment effective range with the present disclosure range may be sufficient. The point that the range comparison means 7 compares the present disclosure range with one or two other ranges and the respective subsets obtained as a result are displayed by the range display means 8 is the same as described above. . In addition, when a range is designated by the range operation means 9, the information referer belonging to the range is displayed and the information referrer moving process by drag and drop is accepted as in the case described above. .

  When the range comparison unit 7 compares only the current disclosure range, the disclosure possible range, and the disclosure recommendation range, the information management system illustrated in FIG. 14 may not include the protection treatment effective range determination unit 10. Further, when the range comparison unit 7 compares only the current disclosure range, the disclosure possible range, and the protective treatment effective range, the information management system may not include the usefulness determination unit 4 and the disclosure recommended range determination unit 6. . When the range comparison unit 7 compares only the current disclosure range, the disclosure recommendation range, and the protective action effective range, the information management system may not include the confidentiality determination unit 5 and the disclosure possible range determination unit 5.

  When the range comparison unit 7 compares only the current disclosure range and the disclosure possible range, the information management system does not include the usability determination unit 4, the disclosure recommendation range determination unit 6, and the protective treatment effective range determination unit 10. May be. When the range comparison unit 7 compares only the current disclosure range and the recommended disclosure range, the information management system may not include the confidentiality determination unit 3, the disclosure possible range determination unit 5, and the protective treatment effective range determination unit 10. Good. When the range comparison unit 7 compares only the current disclosure range and the protective treatment effective range, the information management system may not include the feature analysis unit 100.

  Even when the range comparison means 7 compares the current disclosure range with one or two other ranges, it is possible to easily confirm what set each information referer belongs to. Therefore, it is possible to easily confirm to which information reference the information is disclosed. Further, when each information reference person does not belong to an appropriate set, it can be easily found.

  In the above embodiment, the IT resource management database is used. However, for example, in an area where an information referencer cannot refer to information (a place where a device or application software corresponding to a protection measure is not arranged). The current disclosure range a4 may be determined based on whether or not the user is on a business trip. In this case, instead of the IT resource management database, a database that sequentially stores the location (business trip status, etc.) of the information referer may be used. This database and IT resource management database correspond to information referer storage means and usable status storage means such as devices.

  The arrangement changing unit 17 is realized by a CPU that operates according to a program, for example. This CPU may be the same CPU as a CPU that realizes other means.

Embodiment 3 FIG.
The information management system shown as the third embodiment is disclosed to a specific information referrer based on the confidentiality and usefulness of each piece of information from among a plurality of pieces of information (documents and data) that have already been accumulated. The range of information to be determined is determined. In the first embodiment and the second embodiment, the “range” represents the range of the information reference person, whereas in the third embodiment, the “range” is the range of information (that is, information Set).

  As in the above embodiments, the “information referrer” may be an individual, or may be a plurality of persons belonging to a specific group (for example, a department of a company). .

  FIG. 16 is a functional configuration diagram illustrating an example of a functional configuration of the information management system according to the third embodiment. In the third embodiment, the information resource 1 is a plurality of information already stored in a predetermined storage area. Information serving as the information resource 1 may be stored in a storage device included in the information management system itself, or stored in an information storage device (a database storing information) connected to the information management system via a communication network. It may be. Further, a plurality of such information storage devices may be provided. In the following description, it is assumed that information is stored in a plurality of information storage devices. In FIG. 16, the information storage device is not shown. The information resource 1 in the present embodiment is different from the information resource in the first embodiment in that it is not newly input or created information.

  In addition, an attribute indicating what kind of protection is applied to each information that has already been accumulated, which is the information resource 1, is added. Based on this attribute, the information management system determines what kind of protection processing is performed on each piece of information.

  The condition definition database 101 and the personal / organization information database 102 shown in FIG. 16 are the same databases as the condition definition database 101 and the personal / organization information database 102 in the first embodiment. The personal / organization information database 102 corresponds to information referrer attribute storage means.

  The feature analysis unit 100 refers to a set of information (hereinafter referred to as a referenceable range) for which a specific information referrer is permitted to refer to based on the confidentiality of each information included in the information resource 1. ). In addition, the feature analysis unit 100 refers to a set of information that the information referer should refer to based on the usefulness of each information included in the information resource 1 (hereinafter referred to as a recommended reference range). ).

  Note that the information reference person (the specific information reference person described above) from which the referenceable range and the recommended reference range are determined is designated in advance by the system administrator. At this time, by specifying a specific group, a plurality of information referers belonging to the group may be specified. The fact that a specific group has been designated means that a plurality of persons belonging to that group have been designated together. In FIG. 16, illustration of a designation means for designating a specific information referer is omitted.

  The feature analysis unit 100 includes a content determination unit 111 and a range determination unit 113. The content determination unit 111 includes a condition extraction unit 2, a confidentiality determination unit 3, and a usefulness determination unit 4. The operations of the condition extraction unit 2, the confidentiality determination unit 3, and the usefulness determination unit 4 are the same as the operations of the first embodiment. However, the information already stored in the information storage device is sequentially input to the content determination unit 111, and the content determination unit 111 performs processing on each piece of information.

  The confidentiality determination means 3 determines whether or not each piece of information satisfies a criterion “corresponds to any kind of confidential information”. Then, as a determination result of this determination process, which type of confidential information the input information corresponds to (or that it does not correspond to any type of confidential information) is output to the referable range determination means 20 described later. . If it is determined that the confidentiality determination unit 3 corresponds to the intra-department secret, the confidentiality determination unit 3 also outputs information indicating the division to the referenceable range determination unit 20.

  The usefulness determination means 4 determines whether or not each piece of information satisfies the criterion “include any useful information word”. Then, as a determination result of this determination processing, which useful information word is included in the input information (or that no useful information word is included) is output to the reference recommended range determination means 21. Moreover, even if the process by the usefulness determination means 4 is a process which determines whether each information contained in the information resource 1 satisfy | fills the criteria of "it corresponds to any kind of useful information." Good. In this case, as a determination result, what kind of useful information each information corresponds to (or does not correspond to any kind of useful information) may be output.

  The range determination unit 113 includes a referenceable range determination unit 20 and a reference recommended range determination unit 21, and determines the referenceable range and the recommended reference range based on the determination result of the content determination unit 111.

  The referable range determination unit 20 stores a rule similar to the rule stored by the discloseable range determination unit 5 in the first embodiment. Then, according to the rule, the referable range for the specified specific information referer is determined. Specifically, information representing the attribute of the information referrer (in this example, “department” and “position”) is read from the personal / organization information database 102. Then, it is determined based on the information indicating the attribute of the information referer whether or not the information referer can refer to the information determined to be the specific type of confidential information by the confidentiality determining means 3. This determination is performed according to a rule stored in advance (for example, “confidential information classified as customer information can be referred to only by employees belonging to the sales department”). In addition, the referable range determination unit 20 performs this determination for each piece of information included in the information resource 1. Then, the information determined to be referred to by the information referer is selected. A set of information selected by the referable range determination means 20 is a referable range. When the determination result that the certain information does not correspond to any type of confidential information is output from the confidentiality determination unit 3, the referable range determination unit 20 determines that the information referencer can refer to the information. Therefore, information determined not to correspond to any type of confidential information is included in the referable range.

  When the usefulness determination unit 4 determines whether each piece of information satisfies the criterion “include any useful information word”, the recommended reference range determination unit 21 performs the following processing: To do. The recommended reference range determination unit 21 determines a recommended reference range for a specific information referrer based on the useful information word output by the usefulness determination unit 4 and the stored content stored in the personal / organization information database 102. Specifically, information representing the attribute of the information referrer (here, “related keyword”) is read from the personal / organization information database 102. And the related keyword and the useful information word of each information are collated. It is determined whether there is a match or similarity between useful keywords of individual information in the related keywords, and the count value is incremented by 1 each time there is one match or similarity. The recommended reference range determination unit 21 selects information whose count value obtained as a result of the collation is equal to or greater than a predetermined threshold value. A set of information selected by the recommended reference range 21 is the recommended reference range. In the case of determining similarity, a database indicating a correspondence relationship between synonymous words or a database storing information on words having a similar relationship may be used as in the first embodiment. When the determination result that the certain information does not include any useful information word is output from the usefulness determination unit 4, the recommended reference range determination unit 21 does not include the information in the recommended reference range.

  In addition, the recommended recommended range determination unit 21 does not directly collate the useful information word and the related keyword as in the disclosed recommended range determination unit 6 in the first embodiment, but through the “area in charge” item. You may collate.

  The related keywords may be stored in advance in the personal / organization information database 102 by the system administrator. Alternatively, as described in the first embodiment, the recommended reference range determination unit 21 applies the terminal device used by each information referrer (or a terminal device shared by employees belonging to individual departments) to the terminal device. A related keyword extracted from information stored in the terminal device may be requested to be transmitted, and the related keyword received from the terminal may be stored in the personal / organization information database 102.

  When the usefulness determination unit 4 determines whether each piece of information included in the information resource 1 satisfies the criterion “corresponds to any kind of useful information”, the recommended reference range determination unit 21 The recommended reference range is determined as follows. The recommended reference range determination unit 21 stores a rule similar to the rule stored by the disclosed recommended range determination unit 6 described in the first embodiment. Then, the recommended reference range determination means 21 determines the recommended reference range for the specified specific information referrer according to the rule. Specifically, information representing the attribute of the information referrer (for example, “position”, “related keyword”, etc.) is read from the personal / organization information database 102. Then, it is determined based on the information indicating the attribute of the information referer whether or not the information determined by the usefulness determining means 4 is recommended to the information referer. This determination is performed in accordance with a rule stored in advance (for example, “useful information classified as know-how is recommended for information referees of“ in charge ”)”. The recommended reference range determination unit 21 performs this determination for each piece of information included in the information resource 1. Then, the information determined to be recommended to the information referer is selected. A set of information selected by the recommended reference range determination means 21 is the recommended reference range. When the determination result that the certain information does not correspond to any kind of useful information is output from the usefulness determining means 4, the recommended reference range determining means 21 determines that the information is not recommended to the information reference person. Therefore, the information is not included in the recommended reference range.

  Further, the currently referable range determination means 22 determines the currently referable range. The “current referenceable range” is a set of information that can be actually referred to by a specific information reference person. As already described, each piece of information serving as the information resource 1 has an attribute indicating what kind of protection is being applied. The current referable range determination unit 22 may, for example, investigate various devices and application software used by a specified specific information referer and select information that can be referred to by the devices and application software. In this example, it is assumed that the information management system includes the IT resource management database described in the second embodiment. However, in FIG. 16, the IT resource management database is not shown. The current referable range determination unit 22 reads information on various devices and application software used by a specified specific information referer from the IT resource management database. Then, by referring to the attributes of the individual information included in the information resource 1, information that can be referred to using various devices and application software used by the information referer is selected. The current referable range includes information that has already been referred to by a specific information reference person, and also includes information that has not been referred to but can be referred to in the future.

  Information belonging to any of the referable range, the recommended reference range, and the current referable range is represented by, for example, the file name or data ID of each document.

  The range comparison means 7 compares the referenceable range, the recommended reference range, and the current referenceable range. When comparing these three ranges, the range comparison means 7 determines the following seven subsets. The first subset is a set of information belonging to any of the referenceable range, the recommended reference range, and the current referenceable range. The second subset is a set of information belonging only to the referenceable range. The third subset is a set of information belonging only to the recommended reference range. The fourth subset is a set of information belonging only to the current referable range. The fifth subset is a set of information that belongs to the referenceable range and the current referenceable range but does not belong to the recommended reference range. The sixth subset is a set of information that belongs to the recommended reference range and the current referenceable range but does not belong to the referenceable range. The seventh subset is a set of information that belongs to the referenceable range and the recommended reference range but does not belong to the current referenceable range. When the range comparison means 7 determines each subset, the range belonging to each subset is stored in a storage device (not shown in FIG. 16) for each subset. FIG. 17 shows an example of information stored for each subset when the subset is determined by comparing the referenceable range, the recommended reference range, and the current referenceable range.

  The range display means 8 is realized by a CPU and a display device that operate according to a program, as in the first embodiment. After the range comparison unit 7 compares the referenceable range, the recommended reference range, and the current referenceable range to determine a subset, the range display unit 8 displays each determined subset using a GUI. FIG. 18 is an explanatory diagram illustrating a display example when a Venn diagram is used as a GUI. In FIG. 18, the first subset is represented as a range sa21 in which the referenceable range a21, the reference recommended range a22, and the current referenceable range a23 overlap. The second subset is represented as a range sa22 of the referenceable range a21 that does not overlap with the recommended reference range a22 and the current referenceable range a23. The third subset is represented as a range sa23 in the recommended reference range a22 that does not overlap the referenceable range a21 and the current referenceable range a23. The fourth subset is represented as a range sa24 that does not overlap the referenceable range a21 and the recommended reference range a22 in the current referenceable range a23. The fifth subset is an overlapping portion of the referenceable range a21 and the current referenceable range a23, and is represented as a range sa25 that does not overlap with the recommended reference range a22. The sixth subset is an overlapping portion of the reference recommended range a22 and the current referenceable range a23, and is represented as a range sa26 that does not overlap with the referenceable range a21. The seventh subset is an overlapping portion of the referenceable range a21 and the reference recommended range a22, and is represented as a range sa27 that does not overlap the current referenceable range a23.

  Information belonging to the first subset (range sa21) is determined to be useful and secure even if it is referred to by a specific information referer designated by the system administrator, and the information Information that can be referred to by the referrer. The information belonging to the second subset (range sa22) is determined not to be useful for the information reference, although it is not problematic for the information reference even if it is referred to by the specified specific information reference. This information cannot be referred to by the referrer. Information belonging to the third subset (range sa23) is determined to be useful information for the specified specific information referer, but if the information referrer refers to it, a problem arises in terms of confidentiality, This information cannot be referred to by the information reference person. It is determined that information belonging to the fourth subset (range sa24) is not appropriate to be referred to by the specified specific information referer from the viewpoint of confidentiality and usefulness. It is information that can be referred to. The information belonging to the fifth subset (range sa25) is judged to be unusable even if it is referred to by a specified specific information reference person, but there is no problem in terms of confidentiality, and the information reference person actually It is information that can be referred to. The information belonging to the sixth subset (range sa26) has a problem of confidentiality when referred to by a specified specific information referer, but is useful for the information referrer, and the information referrer is actually It is information that can be referred to. It is judged that information belonging to the seventh subset (range sa27) is appropriate for the designated specific information referrer from the viewpoint of confidentiality and usefulness. Information that cannot be referred to.

  The range operation means 9 (corresponding to the range operation means and the designation means) is configured by a pointing device such as a mouse, as in the first embodiment. The range operation means 9 designates one of the ranges sa21 to sa27 according to the operation of the system administrator. When one of the ranges sa21 to sa27 is designated by the range operation unit 9, the range display unit 8 extracts information corresponding to the range from information collected for each subset (see FIG. 17). Display a list.

  As in the first embodiment, the range display unit 8 displays a list of information corresponding to the range specified by the range operation unit 9 on a display device different from the display device that displays the GUI. Also good. Or you may memorize | store in the memory | storage device different from the memory | storage device which memorize | stores the information illustrated in FIG. Or you may transmit to an external apparatus via a communication network. Further, the range display means 8 may display the GUI representing each subset and simultaneously display information belonging to each subset for each subset.

  Of the current referable range a23, only information (first subset) belonging to the range sa21 is determined to have no problem from the viewpoint of confidentiality and usefulness even if referred to by an information referer. The range display means 8 and the range operation means 9 are such that the number of information belonging to the first subset is maximized by the system administrator, and the number of information belonging to the second subset to the seventh subset is minimized. An operation to bring it close to an ideal state is accepted.

  For example, when priority is given to preventing leakage of confidential information, it is not preferable that information included in the ranges sa24 and sa26 exist. In this case, an operation for moving the information included in the ranges sa24 and sa26 to a subset (for example, the range sa21, the range sa23, etc.) that the system administrator determines to be appropriate may be performed.

  The range display means 8 and the range operation means 9 accept information movement operations by the system administrator. The information movement operation is performed by, for example, a drag and drop operation. That is, each piece of information displayed in a list is designated by the range operation means 9, and an operation of moving to any range shown in FIG. 18 is performed.

  When the information movement operation is performed, the range display unit 8 outputs a message corresponding to the combination of the range before the movement and the range of the movement destination. This message is a message for instructing a work necessary for realizing the movement designated by the system administrator. The content of the message varies depending on which range of information is moved to which range. For example, when an operation for moving information belonging to the range sa27 shown in FIG. 18 to the range sa21 is performed, a message instructing the information referer to distribute the device or application software corresponding to the protection measure applied to the information Is displayed. Also, for example, when an operation for moving information belonging to the current referable range a23 to the outside of the current referable range a23 is performed, the access right setting is updated so that the information reference person cannot access the information. A message instructing you to do so. The system administrator performs necessary work according to the message. When the work necessary for realizing the movement of information is completed, the system administrator inputs that fact using an input means (not shown) such as a keyboard. This input means receives an input from the system administrator. The range comparison unit 7 changes the subset to which the information belongs in response to a drag-and-drop operation performed by the system administrator when a message indicating that the necessary work has been completed is input. Specifically, information indicating information belonging to each subset (information illustrated in FIG. 17) is updated.

  The system administrator examines whether each information belongs to an appropriate subset with respect to a specific information referer, and if the result of the examination is satisfactory, the system administrator indicates that each information belongs to an appropriate subset. For example, input is performed using an input means (not shown) such as a keyboard. This input means receives an input from the system administrator. 16 receives information indicating that each piece of information belongs to an appropriate subset, and reads information indicating information belonging to each subset (information illustrated in FIG. 17). . Then, each piece of information included in the information resource 1 is rearranged based on the read information.

  Hereinafter, the rearrangement of the information resource 1 by the arrangement changing unit 17 will be described. As already described, each piece of information included in the information resource 1 is stored in a plurality of information storage devices. However, the information storage area of the information storage device is classified for each attribute of the information referer who can access. And each information contained in the information resource 1 is memorize | stored in the information storage area according to each information. If the information belonging to the first subset is not stored in the information storage area that can be accessed by the specified specific information referer, the arrangement changing unit 17 moves or copies the information to the information storage area. As a result, a specific information referrer can access and refer to information belonging to the first subset. In addition, when information belonging to the fourth, fifth, and sixth subsets is stored in the information storage area that can be accessed by the specified specific information referer, the arrangement changing unit 17 Move to the information storage area (information storage area that cannot be accessed by the specified specific information referrer). As a result, even if a specific information referrer has a device or application software corresponding to the protective measures applied to the information belonging to the fourth, fifth, and sixth subsets, he or she accesses the information. become unable.

  The notification means 13 notifies the specified specific information referer of the existence of information belonging to the first subset and a method for referring to the information. The information reference method includes information such as which information storage area of which information storage device should be accessed and what kind of authentication or decryption can be used to refer to the information. Note that the notification unit 13 may perform notification by e-mail, for example, as described in the first embodiment.

  The information management system may include only one of the arrangement changing unit 17 and the notification unit 13. Or the structure which is not provided with the arrangement | positioning change means 17 and the notification means 13 may be sufficient. Further, the order of the processes executed by the arrangement changing unit 17 and the notification unit 13 may be an arbitrary order. For example, the processing by the arrangement changing unit 17 may be executed after the notification processing by the notification unit 13 is completed.

  It should be noted that the condition extraction unit 2, the confidentiality determination unit 3, the usefulness determination unit 4, the referenceable range determination unit 20, the reference recommended range determination unit 21, the range comparison unit 7, the current referenceable range determination unit 22, The arrangement changing unit 17 and the notification unit 13 are realized by a CPU that operates according to a program, for example. As already described, the range display means 8 is realized by a CPU and a display device that operate according to a program, for example. There may be one CPU that realizes each means.

  FIG. 18 shows an example in which a Venn diagram is used as a GUI. Hereinafter, a display example of a subset when an icon and a window indicating a folder are used as a GUI will be described. FIG. 19 is an explanatory diagram illustrating an example of a display when icons and windows are used as a GUI. Three folders (icons) shown in FIG. 19A correspond to a referenceable range, a recommended reference range, and a current referenceable range, respectively. The referenceable range folder f10 is a folder including information belonging to the referenceable range. The recommended reference range f11 is a folder including information belonging to the recommended recommended range. The current referable range folder f12 is a folder including information belonging to the current referable range. When each of the folders f10 to f12 is designated by the range operation means 9, the range display means 8 displays a window showing the contents of the designated folder.

  When the range display unit 8 displays a window, the range display unit 8 displays icons in the window as follows. When the designated folder (range) includes a subset in which the designated range and the range not yet designated are included, the range display means 8 uses the folder indicating the subset as an icon. indicate. If the specified folder contains information that does not belong to the range not yet specified, an icon indicating the information is displayed.

  A case where the current referable range f12 is designated will be described as an example. When the currently referable range f12 is designated, the range display unit 8 displays a window w3 illustrated in FIG. 19B. The current referenceable range f12 includes a subset in which the specified current referenceable range and the referenceable range that has not been specified yet overlap. Therefore, the range display means 8 displays the folder f13 (referenceable range folder f13) indicating this subset in the newly opened window w3. The current referenceable range f12 includes a subset in which the specified current referenceable range and the reference recommended range that has not been specified yet overlap. Therefore, the range display means 8 displays the folder f14 (reference recommended range folder f14) indicating this subset in the newly opened window w3. Further, the range display means 8 is an icon representing information itself, which is information included in the current referenceable range f12 and does not belong to the referenceable range and the reference recommended range that have not yet been specified (FIG. 19B). Are displayed as icons f15 to f17). In the window w3 shown in FIG. 19B, the referable range folder f13 corresponds to the union of the ranges sa21 and sa25 shown in FIG. The recommended reference range folder f14 corresponds to the union of the ranges sa21 and sa26 shown in FIG. Icons f15 to f17 indicate information belonging to the range sa24 illustrated in FIG.

  The range display means 8 displays a window in the same manner when another folder is designated. Note that icons representing the sets (for example, icons f10 to f14) correspond to first icons. Icons indicating information (for example, icons f15 to f17) correspond to second icons.

  The system administrator may perform a drag-and-drop operation for moving an icon representing information (for example, the illustrated icons f15 to f17) to a folder icon. In this case, the range display unit 8 and the range operation unit 9 accept a drag and drop operation. The operation of the information management system when a drag-and-drop operation for moving an icon representing information to a folder icon is performed is similar to the operation when the Venn diagram is a GUI.

  The range display unit 8 displays a shredder icon f18 on the display screen. The shredder icon f18 is an icon used for deleting an icon representing information or a folder. For example, the icons f15 to f17 in the window w3 shown in FIG. 19B represent information belonging to the fourth subset, and these information should not be referred to from the viewpoint of confidentiality and usefulness. It is determined that there is no. When the icons f15 to f17 are moved to the shredder icon f18 by drag and drop, the range display means 8 stops displaying the icons f15 to f17. In the window, icons representing files (for example, icons f15 to f17) are displayed. These icons only display files belonging to the subset for convenience. That is, the file indicated by the icon in the window is only a proxy file (proxy file) of the file actually stored. Even if these icons are deleted from the display screen, information entities belonging to each subset (information stored in the information storage device itself) are not deleted.

  When the icon is deleted, the range display unit 8 may output a message along with the deletion of the icon. For example, if an icon of information belonging to the fourth subset is deleted, a message is displayed instructing to update the access right setting so that the specified specific information reference person cannot access the information. Also good. When the system administrator sets the access right in response to this message, even if information belonging to the fourth subset exists, the information manager cannot refer to the information. The type of message may be determined according to the type of icon to be deleted.

  According to the information management system as described above, it is easy to determine what set each information belongs to from the three viewpoints of confidentiality and usefulness of information and what information can be referred to by the information viewer. Can be confirmed. Therefore, it is possible to easily confirm what information can be referred to by a specific information referer. Further, the system administrator can examine whether or not the set to which each information belongs is appropriate, and can change the set to which each information belongs so as to be appropriate. Therefore, it is possible to prevent the use of useful information from being lost by determining the disclosure range of information based only on the confidentiality of information. In addition, even if there are inappropriate conditions (see FIGS. 2 and 3), the stored contents of the personal / organization information database 102, and the rules used by the referable range determination means 20, the system administrator It becomes easier to find inappropriate parts in the examination process. Further, even if there is an organization change, it is possible to easily confirm what information a specific information referer can refer to by updating the contents of the personal / organization information database in accordance with the change. Therefore, the work burden of the system administrator is reduced and the burden of cost is also reduced (for example, there is no need to request an outside person to perform auditing).

  Subsequently, a modification of the third embodiment will be described.

  As in the modification of the first embodiment, the confidentiality determination determination means 3 and the usefulness determination means 4 include the function of the condition extraction means 2, and the confidentiality determination means 3 and the usefulness determination means 4 It is also possible to adopt a configuration in which words are derived by extraction or structural analysis.

  Moreover, it is the information of the content similar to each other, You may associate the information with which the same protection treatment is performed. Specifically, if it is determined to which subset a piece of information belongs to the range comparison means 7, the information having the same content as that information and subjected to the same protection measure is the feature analysis unit. It may be associated not belonging to 100 processing targets but belonging to the same subset. For example, it is assumed in advance that the contents of the document P and the document Q are similar, and the same protection measures are applied to both documents. In this case, information indicating that the document P and the document Q are related to each other is stored in the range comparison unit 7. If the range comparison unit 7 determines which subset of either the document P or the document Q belongs, the range comparison unit 7 determines that the document Q also belongs to the same subset based on previously stored information. Further, not all of the associated information may be included in the information resource 1. For example, only one of the document P and the document Q needs to be included in the information resource 1. In this case, with respect to information that is not stored in the information storage device and that is not included in the information resource 1, it is possible to determine which subset it belongs to and display it to the system administrator.

  Further, the referenceable range determination means 20 selects information constituting the referenceable range according to a predetermined rule. In addition to the information constituting the referenceable range, “referenceable range information There may be information that may be, but cannot be said to be information that reliably constitutes the referenceable range. In this case, as shown in the modification of the first embodiment, the confidentiality determination unit 3 determines whether each of the confidentiality information words has been determined to be a confidential information word by the condition extraction unit 2. It is determined that the information may correspond to one of the types of confidential information (may be two or more). Based on this determination result, the referenceable range determination means 20 determines whether the information belongs to the referenceable range, assuming that the input information is a specific type of confidential information. If it is determined that it belongs to the referenceable range based on this assumption, the input information may be “information constituting the referenceable range, but is definitely information constituting the referenceable range. Sorted as “information that cannot be said”.

  Similarly, the reference recommended range determination means 21 may also select “information that may be information that constitutes the recommended reference range but cannot be reliably configured information.” In this case, the count value obtained by collating the related keyword of the specific information referer specified in advance with the useful information word is less than the threshold value, but the difference between the count value and the threshold value is a predetermined value. May be selected as “information that may be information that constitutes the recommended reference range but cannot be said to reliably constitute the recommended reference range”.

In addition, when the usefulness determination means 4 determines whether each piece of information included in the information resource 1 satisfies the criterion “corresponds to any kind of useful information”, “reference recommendation” Information that may be information that constitutes a range but cannot be said to be certainly information that constitutes a recommended reference range may be selected as follows. As shown in the first embodiment, the usefulness determining means 4 determines that each information is a kind of useful information based on the word when the information contains a word similar to the useful information word. 1 (may be two or more) ". Then, the usefulness determination unit 4 outputs the determination result to the reference recommended range determination unit 21. Based on the determination result, the recommended reference range determination unit 21 may determine whether the input information is a specific type of useful information and determine whether the information belongs to the recommended reference range. If it is determined that it belongs to the recommended reference range based on this assumption, the input information may be “information that constitutes the recommended reference range, but is definitely information that constitutes the recommended recommended range. Sorted as “information that cannot be said”. In this case, the recommended reference range determination unit 21 stores a rule in advance, and determines whether the information belongs to the recommended reference range according to the rule.

  The range display means 8 includes “information that may be information that constitutes the referable range but cannot be said to reliably constitute the referable range” and “information that constitutes the recommended reference range. There is a possibility, but the set that is combined with the information that is not surely the information that constitutes the recommended reference range is displayed as "A set of information that cannot be clearly determined (uncertain set)" Also good. When the Venn diagram is a GUI, the range display means 8 does not make the “collection of information that cannot be clearly determined” overlap the referenceable range a21, the recommended reference range a22, and the current referenceable range a23 illustrated in FIG. To display. Further, when the icons and windows are GUIs, the range display means 8 is the fourth indicating “a set of information that cannot be clearly determined”, apart from the three folders f10 to f12 shown in FIG. You can display the folder. When this folder is designated, the range display means 8 opens a new window, in which “there may be information that constitutes the referable range, but information that surely constitutes the referable range” An icon indicating “information that cannot be said” and an icon indicating “information that may be information that constitutes the recommended reference range but cannot be reliably configured information of the recommended reference range” are displayed.

  Current referable range determination means can refer to current information based on whether or not the information referer is on a business trip in an area where information cannot be referred to (a place where no device or application software corresponding to protection measures is located) A range may be defined. In this case, instead of the IT resource management database, a database that sequentially stores the location (business trip status, etc.) of the information referer may be used. The database and the IT resource management database correspond to a usable status storage unit such as a device.

  In the above configuration, the range comparison unit 7 compares the three ranges of the referenceable range, the reference recommended range, and the current referenceable range, and each subset based on the overlap of the three ranges is displayed as the range display unit 8. Is displayed. The range comparison unit 7 may compare two ranges of the referenceable range, the reference recommended range, and the current referenceable range. When two ranges are compared, three sets are obtained: a set of information belonging to only one range, a set of information belonging to only the other range, and a set of information belonging to both ranges. The range display means 8 may display these three sets. When a range is designated by the range operation means 9, information that belongs to the range is displayed and information movement processing by drag and drop is accepted as in the case described above.

  For example, after the range display unit 8 displays each subset based on the overlap of the three ranges of the referenceable range, the reference recommended range, and the current referenceable range (for example, the display illustrated in FIGS. 18 and 19 is performed). After that, the range comparison means 7 compares two ranges of the referenceable range, the recommended reference range, and the current referenceable range in accordance with an instruction from the system administrator. Based on the comparison result of the two ranges, the range display unit 8 may display each set again.

  Alternatively, the configuration may be such that only two ranges are compared without comparing the three ranges of the referenceable range, the reference recommended range, and the current referenceable range. When the range comparison unit 7 only compares the referenceable range and the reference recommended range, the information management system may not include the current referenceable range determination unit 22. Further, when the range comparison unit 7 only compares the referenceable range and the current referenceable range, the information management system may not include the usability determination unit 4 and the reference recommended range determination unit 21. When the range comparison unit 7 only compares the recommended reference range and the current referenceable range, the information management system may not include the confidentiality determination unit 3 and the referenceable range determination unit 20.

  Hereinafter, a case where the range comparison unit 7 compares the referable range and the recommended reference range will be described. When comparing these two ranges, the range comparison means 7 determines the following three subsets. The first subset is a set of information belonging to both the referable range and the recommended reference range. The second subset is a set of information belonging only to the referenceable range. The third subset is a set of information belonging only to the recommended reference range. When the range comparison means 7 determines each subset, the range belonging to each subset is stored in a storage device (not shown in FIG. 16) for each subset.

  Even when a subset is determined by comparing the two ranges of the referenceable range and the recommended reference range, the range display unit 8 displays each determined subset using the GUI. FIG. 20 is an explanatory diagram showing a display example when a Venn diagram is used as a GUI as in FIG. In FIG. 20, the first subset is represented as a range sa41 in which the referenceable range a21 and the reference recommended range a22 overlap. The second partial collation is represented as a range sa42 that does not overlap with the recommended reference range a22 in the referenceable range a21. The third partial collation is represented as a range sa43 that does not overlap with the referenceable range a21 in the recommended reference range a22.

  The information belonging to the first subset (range sa41) is information that is determined to be useful for the information referer without causing any problem in confidentiality even if the specified specific information referer refers to it. The information belonging to the second subset (range sa42) is information that is determined not to be useful for the information reference, although there is no problem in maintaining confidentiality even if the specified specific information reference is referred to. The information belonging to the third subset (range sa43) is information that is useful for the specified specific information referer but is determined not to be allowed to refer to the information referer for confidentiality.

  The range display unit 8 displays information corresponding to the range when any one of sa41 to sa43 is designated by the range operation unit 9. The operation of the range display unit 8 at this time is the same as the operation of the range display unit 8 when the range comparison unit 7 compares the referenceable range, the reference recommended range, and the current referenceable range.

  The system administrator can confirm information corresponding to each subset (range sa41 to sa43), and can specifically examine whether the confirmed information belongs to an appropriate subset. As a result of the examination, if the system administrator determines that the information should be changed to belong to another subset, an operation for moving the information (for example, a drag and drop operation) may be performed.

  When the drag-and-drop operation is performed, the range display unit 8 outputs a message corresponding to the combination of the range before the movement and the range of the movement destination. The content of the message varies depending on which range of information is moved to which range. The system administrator performs necessary work according to the message. When the work is completed, the system administrator inputs the fact using an input means (not shown) such as a keyboard. This input means receives an input from the system administrator. The range comparison unit 7 changes the subset to which the information belongs in response to a drag-and-drop operation performed by the system administrator when a message indicating that the necessary work has been completed is input.

  Here, the case where the Venn diagram is a GUI has been described, but an icon and a window may be a GUI. In this case, the range display unit 8 may display the referable range folder f10 and the recommended reference range folder f11 shown in FIG. When the referable range folder f10 is designated, the range display means 8 newly opens a window. Then, a folder indicating a subset in which the designated referable range overlaps with the recommended reference range not yet designated (that is, the range sa41 shown in FIG. 20) and information belonging to only the designated referable range is shown. Displays an icon in the window. The same applies when the reference recommended range folder f2 is designated.

  As described above, when comparing the referenceable range and the recommended reference range, from the two perspectives of information confidentiality and usefulness, confirm what set each information belongs to and refer to specific information It is possible to easily confirm what information the person can refer to. In addition, the system administrator can examine whether the set to which each information belongs is appropriate, and can change the set to which each information belongs so that the opportunity to use useful information is lost. Can be prevented. In addition, it becomes easy to find an inappropriate part such as a condition (for example, the conditions illustrated in FIGS. 2 and 3) in the examination process by the system administrator. Furthermore, even if there is a change in the organization, it is easy to confirm what information a specific information referer can refer to by updating the contents of the personal / organization information database according to the change. Can do. Furthermore, the work burden and cost burden on the system administrator are reduced.

  Here, the case where the referenceable range and the reference recommended range are compared has been described. The range comparison means 7, the range display means 8, and the range operation means 9 are the same even when the referenceable range and the current referenceable range are compared or when the reference recommended range and the current referenceable range are compared. May be performed.

  When comparing the referenceable range with the current referenceable range, in addition to the effects such as easy confirmation of the range of information, easy discovery of inappropriate parts such as conditions, work burden, reduction of cost burden, etc. An effect can be obtained. Information that a specific information referer should be able to refer to without confidentiality, but if the device or application software corresponding to the protective measures applied to the information is not arranged, Inconsistency that cannot be referred to occurs. However, by displaying the comparison result between the referenceable range and the current referenceable range, it is possible for the information reference person to refer to the information without any problem, but it is possible to confirm information that cannot actually be referred to. Then, the system administrator can perform a procedure (for example, arrangement of a device or the like) so that the information referencer can refer to the information.

  Moreover, the following effects can be acquired when comparing the recommended reference range and the currently referable range. Even if the information is useful for a specific information referrer, there is an inconsistency that the information referrer cannot refer to the information unless equipment or application software corresponding to the protective measures applied to the information is arranged. Arise. However, by displaying the comparison result between the recommended reference range and the current referable range, it is possible to confirm information that is useful for the information reference person but cannot actually be referred to. Then, the system administrator can perform a procedure for enabling an information referring person to refer to the information.

  In the third embodiment, the information management system may include a protective treatment effective range determination unit. The “protective treatment effective range” in the third embodiment is a set of information subjected to the protective treatment that can be handled by a specified specific information reference person. The protection measure effective range determination means selects information constituting the protection measure friendly range from each information to be the information resource 1. The protection measure effective range determination means refers to the “security correspondence” item of the specified specific information referer in the stored contents of the personal / organization information database 102. Then, based on the content of the “security correspondence” item, the protection measure that the information referring person corresponds to is determined. Further, the protective treatment effective range determination means selects information on which the protective treatment has been performed. This collection of information is the scope of protection treatment.

  When the protective treatment effective range is determined by the protective treatment effective range determination unit, the range comparison unit 7 compares the referenceable range, the reference recommended range, the current referenceable range, and the protective treatment effective range, and each range overlaps. Determine the set. The range display unit 8 displays each subset as a GUI.

  As described in the second embodiment, when the “information security” item indicates that the information reference corresponds to a certain protection measure, the information reference is subjected to the protection measure. It is common to have a device or application software for referring to information. Therefore, the current referable range and the protective treatment effective range often coincide with each other. However, even if it is stored in the “Security Response” item that the protection measure is supported, there is actually a management defect that the device corresponding to the protection measure has not reached the information reference person. obtain. On the other hand, although the device or the like has already been arranged and delivered to the information referrer, it is not stored in the “security correspondence” item of the personal / organization information database 102 that the protection measure is supported. Management deficiencies can also occur. By adding the protective treatment effective range to the comparison control of the range comparison means 7, such management deficiencies can be found.

  Moreover, in this modification, the structure which compares any one or two of the referable range, the reference recommended range, and the present referable range with a protection treatment effective range may be sufficient. The point that the range comparison unit 7 compares the protection treatment effective range with the other one or two ranges, and the range display unit 8 displays each subset obtained as a result is the same as that already described. is there. In addition, when a range is designated by the range operation unit 9, information belonging to the range is displayed or information movement processing by drag and drop is accepted as in the case described above.

  When the range comparison unit 7 compares only the protective treatment effective range, the referenceable range, and the reference recommended range, the information management system shown in FIG. 16 may not include the current referenceable range determination unit 22. Further, when the range comparison unit 7 compares only the protective treatment effective range, the referenceable range, and the current referenceable range, the information management system may not include the usefulness determination unit 4 and the reference recommended range determination unit 21. Good. When the range comparison unit 7 compares only the protection measure effective range, the recommended reference range, and the current referenceable range, the information management system may not include the confidentiality determination unit 5 and the referenceable range determination unit 20.

  When the range comparison unit 7 compares only the protective treatment effective range and the referenceable range, the information management system includes the usefulness determination unit 4, the reference recommended range determination unit 21, and the current referenceable range determination unit 22. It does not have to be. When the range comparison unit 7 compares only the protective treatment effective range and the recommended reference range, the information management system does not include the confidentiality determination unit 3, the referenceable range determination unit 20, and the current referenceable range determination unit 22. Also good. When the range comparison unit 7 compares only the protective treatment effective range and the current referable range, the information management system may not include the feature analysis unit 100.

  Even when the range comparison means 7 compares the protection treatment effective range with the other one or two ranges, it is possible to easily confirm what set each information belongs to. Therefore, it is possible to easily confirm what information can be referred to by a specific information referer. Also, if each piece of information does not belong to an appropriate set, it can be easily discovered.

  In each of the first to third embodiments, dynamic stream data transmitted / received on the communication network may be used as the information resource 1. In this case, the router or switch on the communication network may have a configuration corresponding to the condition extraction unit 2. In this case, the router or the switch includes a CPU and a storage device that stores the condition extraction program, and the CPU may execute processing as the condition extraction unit 2 in accordance with the feature extraction program. At this time, a CPU such as a router may refer to the condition definition database 101.

  The functional configuration diagrams (FIGS. 1, 14, and 16) shown in the embodiments are examples. The mechanism configuration diagram of each embodiment may be a configuration different from those of FIGS. 1, 14, and 16. In addition, the information management system of each embodiment may be realized as a part of a system including more components than the components shown in each functional configuration diagram.

  Examples of the present invention are shown below.

  An example of the first embodiment is shown below. FIG. 21 is an explanatory diagram illustrating an example of an information management system and an apparatus connected to the information management system according to the first embodiment. An information management device (information management system) 200 is connected via a communication network 207 to terminal devices 201 to 203 used by each information reference and information storage devices 204 to 206 that store information such as documents and data. . In FIG. 21, three terminal devices and three information storage devices are shown. However, one or more terminal devices may be used. Further, the number of information storage devices is not limited to three. One or more information storage devices may be connected to the communication network 207, and the information management device 200 may include a storage device corresponding to the information storage device.

  The information management apparatus 200 receives information from the system administrator, and displays the disclosure possible range, the recommended disclosure range, the protective treatment effective range, and the like to the system administrator. Thereafter, the information management system 200 stores the input information in the information storage device by the processing of the information placement unit 12 (see FIG. 1).

  FIG. 22 is a block diagram illustrating a configuration example of the information management apparatus 200. The information processing device 212 is, for example, a CPU, and executes processing according to a program 217a stored in the storage device 217. The program 217a includes the feature analysis unit 100, the range comparison unit 7, the range display unit 8, the protection treatment effective range determination unit 10, the protection treatment change unit 14, the protection treatment application unit 11, the information arrangement unit 12, and the notification illustrated in FIG. This is a program for executing the processing of the means 13. Accordingly, the operations of these means are realized by the information processing apparatus 212.

  The data storage device 213 stores information stored in the condition definition database 101 and the personal / organization information database 102 (information illustrated in FIGS. 2, 3, and 5). That is, the data storage device 213 corresponds to the condition definition database 101 and the personal / organization information database 102.

  The information input device 211 is a device that inputs information to be the information resource 1. The information input device 211 is a data reading device (such as a CD-ROM drive) that reads data from an information storage medium such as a CD-ROM. Alternatively, the information input device 211 may be an information input device such as a keyboard.

  The display device 214 displays a GUI. The range display means 8 is realized by the display device 214 and the information processing device 212. The operation device 215 is a device corresponding to the range operation means 9 (for example, a pointing device such as a mouse).

  The communication device 216 is an interface with the communication network 207 and transmits / receives information to / from the terminal devices 201 to 203 and the information storage devices 204 to 206 via the communication network 207. The information processing device 212 stores information in the information storage device via the communication device 216. In addition, an electronic mail or the like notifying the presence of newly input information is transmitted to the terminal devices 201 to 203 via the communication device 216.

  The information processing device 212 executes a process (a process corresponding to the feature analysis unit 100 illustrated in FIG. 1) for determining the disclosure possible range and the disclosure recommended range for the information input to the information input device 211, and also the protective treatment effective range. (A process corresponding to the protective treatment effective range determination means 10) is executed. Then, a process (a process corresponding to the range comparison means 7 shown in FIG. 1) for comparing the disclosure possible range, the disclosure recommended range, and the protection treatment effective range is executed, and each range is displayed on the display device 214 based on the result of the process. To display. Further, in accordance with the operation received by the controller device 215, a process for changing the protective action defined in the input information (a process corresponding to the protective action changing unit 14) is executed. In addition, the information processing apparatus 212 applies a predetermined protection procedure (or changed protection procedure) to the input information (a process corresponding to the protection procedure application unit 11), and the input information as information. Processing to be stored in the storage device 204 or the like (processing corresponding to the information arrangement unit 12), processing for transmitting the presence of newly input information or the like to the terminal device 201 or the like (processing corresponding to the notification unit 13) is executed.

  In the second embodiment, information already distributed is the information resource 1. In this case, the information processing device 212 may read information from the information storage devices 204 to 206 via the communication device 216 and use the information as the information resource 1.

  An example of the third embodiment will be described below. FIG. 23 is a block diagram illustrating a configuration example of the information management apparatus (information management system) 200. Note that the information management apparatus 200 is connected to the terminal apparatuses 201 to 203 and the information storage apparatuses 204 to 206, as in the case shown in FIG. The information processing device 212 is, for example, a CPU, and executes processing according to a program 217a stored in the storage device 217. The program 217a is a program for executing the processes of the feature analysis unit 100, the range comparison unit 7, the range display unit 8, and the current referenceable range determination unit 22 shown in FIG. Accordingly, the operations of these means are realized by the information processing apparatus 212.

  The data storage device 213 corresponds to the condition definition database 101 and the personal / organization information database 102 as in the data storage device (see FIG. 22) shown in the first embodiment. Further, the communication device 216 is an interface with the communication network 207, similarly to the communication device (see FIG. 22) shown in the first embodiment. The output device 224 outputs each range (for example, displays it). The range display unit 8 is realized by the output device 224 and the information processing device 212.

  The information processing device 212 extracts information from each of the information storage devices 204 to 206 and executes processing (processing corresponding to the feature analysis unit 100 shown in FIG. 16) for determining a referenceable range and a recommended reference range, and also refers to the current reference. A process for determining a possible range (a process corresponding to the current referable range 22) is executed. Then, a process for comparing the referenceable range, the recommended reference range, and the current referenceable range (a process corresponding to the range comparison unit 7 shown in FIG. 16) is executed, and each range is sent to the output device 224 based on the result of the process. Output (for example, display output).

  In the present embodiment, an apparatus corresponding to the operation device 215 (see FIG. 22) is not shown, but the operation device 215 may be provided. In addition, the information processing device 212 changes the storage area in which information is stored (processing corresponding to the arrangement changing unit 17) according to the operation received by the operation device 215, and information belonging to the first subset. May be executed in accordance with the program 217a.

  The present invention is applicable as an information management system in an organization where there are a plurality of information referers and a plurality of information referred to by the information referers. In particular, the system administrator can easily confirm to which information reference the individual information is disclosed, or it is easy to confirm what information a specific information reference can refer to. It is effective to make it possible.

It is a functional block diagram which shows the example of a functional structure of the information management system by 1st Embodiment. It is explanatory drawing which shows the example of the conditions for materializing as confidential information, and the example of the description which prescribed | regulated the arrangement | sequence of the word which will be included by a high-order concept. It is explanatory drawing which shows the example of the conditions for materializing as useful information. It is explanatory drawing which shows the example of the information input. It is explanatory drawing which shows the example of the memory content which a personal and organization information database memorize | stores. It is a block diagram which shows the structural example of the terminal device which each information referer uses. It is explanatory drawing which shows the example of the information referer memorize | stored for every subset. It is explanatory drawing which shows the example of a display at the time of using a Venn diagram as GUI. It is explanatory drawing which shows the example of the message displayed according to drag and drop operation. It is explanatory drawing which shows an example of a display at the time of using an icon and a window as GUI. It is explanatory drawing which shows the example of an attribute database and a personal database. It is explanatory drawing which shows the example of the information referer memorize | stored for every subset. It is explanatory drawing which shows the example of a display at the time of using a Venn diagram as GUI. It is a function block diagram which shows the example of a function structure of the information management system by 2nd Embodiment. It is explanatory drawing which shows the example of a display at the time of using a Venn diagram as GUI. It is a function block diagram which shows the example of a function structure of the information management system by 3rd Embodiment. It is explanatory drawing which shows the example of the information memorize | stored for every subset. It is explanatory drawing which shows the example of a display at the time of using a Venn diagram as GUI. It is explanatory drawing which shows an example of a display at the time of using an icon and a window as GUI. It is explanatory drawing which shows the example of a display at the time of using a Venn diagram as GUI. It is explanatory drawing which shows the example of the apparatus connected to the information management system and information management system in 1st Embodiment. It is a block diagram which shows the structural example of the information management system in 1st Embodiment. It is a block diagram which shows the structural example of the information management system in 3rd Embodiment.

Explanation of symbols

DESCRIPTION OF SYMBOLS 1 Information resource 2 Condition extraction means 3 Confidentiality judgment means 4 Usability judgment means 5 Disclosure range judgment means 6 Disclosure recommended range judgment means 7 Range comparison means 8 Range display means 9 Range operation means 10 Protection treatment effective range judgment means 11 Protection Treatment application means 12 Information arrangement means 13 Notification means 14 Protection treatment change means 100 Feature analysis section 101 Condition definition database 102 Personal / organization information database 111 Content judgment means 112 Range judgment means

Claims (79)

The data related to each information referrer who wants to refer to the information includes identification information of the information referrer including the ID or name of the information referrer, the position of the information referrer in the organization, and keywords related to the information referrer. Information referer attribute storage means for storing attribute information of the information referrer;
A confidential information word, which is a word that will be classified as confidential information by being included in the information, is stored for each type of confidential information, and the information is converted to useful information by being included in the information. Means for storing useful information words that are words representing what may be applicable;
On the condition that the predetermined information that may be referred to by the information reference includes a confidential information word, it is determined that the predetermined information satisfies the standard of confidential information, and the confidential information word The type of the confidential information is determined based on the type of the information, and the condition that the predetermined information includes the useful information word is determined on the condition that the predetermined information includes the useful information word. Content determination means to perform ,
Based on the data related to each information referer stored in the information referrer attribute storage means and the determination result of the content determination means, it is possible to refer to the type of confidential information of the predetermined information that satisfies the criteria of being confidential information Disclosure is possible by identifying information referrers that fall within the organization, and identifying the set of information referrers as a set of information referrers that can refer to the predetermined information without any security problems The number of keywords that match or are similar to the useful information word included in the predetermined information that satisfies the criteria of including the useful information word among the keywords related to the information referrer are counted. It is recommended to identify information referees whose count result is equal to or greater than a predetermined threshold value and refer to the predetermined information for the specified set of information referrers. The disclosure recommended range and determining range determining means is a set of information referring's
Comparing at least two ranges of the disclosure possible range and the disclosure recommended range, the correspondence information of the information reference person and the range to which the information reference person belongs, and the information reference person belonging only to the disclosure possible range, Range comparison means for creating correspondence information representing information referents belonging to the disclosure possible range and the disclosure recommended range and information referers belonging only to the disclosure recommended range ,
An information management system comprising: range display means for displaying the correspondence information . Range determining means identifies the information referencer corresponding to positioning in the referable tissue types of sensitive information of a predetermined information that meets the criteria of being confidential information, the identified said information referencer The disclosure range is determined by extracting the identification information, and matches the useful information word included in the predetermined information that satisfies the criteria of including the useful information word among the keywords related to the information referrer. Alternatively, the number of similar keywords is counted, the information reference whose count result is equal to or greater than a predetermined threshold is specified, and the disclosure recommended range is determined by extracting the identification information of the specified information reference The information management system according to claim 1. The data related to each information referrer who wants to refer to the information is the information referrer's identification information including the ID or name of the information referrer, the position of the information referrer within the organization, and the information referer responds when referring to the information Information referer attribute storage means for storing a possible authentication method and attribute information of an information referrer including a keyword related to the information referer;
A confidential information word, which is a word that will be classified as confidential information by being included in the information, is stored for each type of confidential information, and the information is converted to useful information by being included in the information. Means for storing useful information words that are words representing what may be applicable;
On the condition that the predetermined information that may be referred to by the information reference includes a confidential information word, it is determined that the predetermined information satisfies the standard of confidential information, and the confidential information word The type of the confidential information is determined based on the type of the information, and the condition that the predetermined information includes the useful information word is determined on the condition that the predetermined information includes the useful information word. Content determination means to perform ,
Based on the data related to each information referer stored in the information referrer attribute storage means and the determination result of the content determination means, it is possible to refer to the type of confidential information of the predetermined information that satisfies the criteria of being confidential information Disclosure is possible by identifying information referrers that fall within the organization, and identifying the set of information referrers as a set of information referrers that can refer to the predetermined information without any security problems The number of keywords that match or are similar to the useful information word included in the predetermined information that satisfies the criteria of including the useful information word among the keywords related to the information referrer are counted. It is recommended to identify information referees whose count result is equal to or greater than a predetermined threshold value and refer to the predetermined information for the specified set of information referrers. The disclosure recommended range and determining range determining means is a set of information referring's
Based on the authentication method applied to the predetermined information and the authentication method that can be handled by the information referer, the information referer who can handle the authentication method applied to the predetermined information is identified and identified. Protective action effective range determination means for determining the set of information reference persons as a protective action effective range that is a set of information reference persons determined to be able to refer to the predetermined information ;
It is correspondence information between the information reference person and the range to which the information reference belongs by comparing at least three ranges of the disclosure possible range, the disclosure recommendation range, and the protective treatment effective range, and the disclosure possible range and disclosure Information referer who belongs to the recommended range and effective range of protection measures, information referrer who belongs only to the disclosure possible range, information referer who belongs only to the recommended disclosure range, information referer who belongs only to the effective range of protection measure, disclosure Information referer who belongs to the scope of disclosure and effective scope of protection measures and does not belong to the recommended disclosure range, information reference person who belongs to the recommended disclosure range and effective scope of protection measures and does not belong to the disclosure possible range, disclosure possible range and recommended disclosure range Range comparison means for creating corresponding relationship information respectively representing information referers who belong to and do not belong to the protective treatment effective range ;
An information management system comprising: range display means for displaying the correspondence information . Range determining means identifies the information referencer corresponding to positioning in the referable tissue types of sensitive information of a predetermined information that meets the criteria of being confidential information, the identified said information referencer The disclosure range is determined by extracting the identification information, and matches the useful information word included in the predetermined information that satisfies the criteria of including the useful information word among the keywords related to the information referrer. Alternatively, the number of similar keywords is counted, the information reference whose count result is equal to or greater than a predetermined threshold is specified, and the disclosure recommended range is determined by extracting the identification information of the specified information reference And
The protection measure effective range determination means is information that can correspond to the authentication method applied to the predetermined information based on the authentication method applied to the predetermined information and the authentication method that can be handled by the information reference person. The information management system according to claim 3, wherein the effective range of protection is determined by identifying a referrer and extracting identification information of the identified information referer . Range operation means for accepting an operation of moving an information referrer in one range indicated by the correspondence information displayed on the range display means to another range ;
Protective measures for re-determining the type of authentication method that has been applied in advance to predetermined information as the type of authentication method that can be handled by an information referrer who has been moved to another range using range operation means The information management system according to claim 3, further comprising a changing unit. The system administrator is instructed to apply the authentication method redefined by the protection action changing means for the predetermined information or to apply the authentication method redefined by the protection action changing means for the predetermined information. The information management system according to claim 5, further comprising protection measure application means for outputting the information. The data related to each information referrer who wants to refer to the information is the information referrer's identification information including the ID or name of the information referrer, the position of the information referrer within the organization, and the information referer responds when referring to the information Information referer attribute storage means for storing a possible authentication method and attribute information of an information referrer including a keyword related to the information referer;
A confidential information word, which is a word that will be classified as confidential information by being included in the information, is stored for each type of confidential information, and the information is converted to useful information by being included in the information. Means for storing useful information words that are words representing what may be applicable;
For each information referrer, an information processing device used by each information referrer and a device that stores information indicating application software, etc.
On the condition that the predetermined information that may be referred to by the information reference includes a confidential information word, it is determined that the predetermined information satisfies the standard of confidential information, and the confidential information word The type of the confidential information is determined based on the type of the information, and the condition that the predetermined information includes the useful information word is determined on the condition that the predetermined information includes the useful information word. Content determination means to perform ,
Based on the data related to each information referer stored in the information referrer attribute storage means and the determination result of the content determination means, it is possible to refer to the type of confidential information of the predetermined information that satisfies the criteria of being confidential information Disclosure is possible by identifying information referrers that fall within the organization, and identifying the set of information referrers as a set of information referrers that can refer to the predetermined information without any security problems The number of keywords that match or are similar to the useful information word included in the predetermined information that satisfies the criteria of including the useful information word among the keywords related to the information referrer are counted. It is recommended to identify information referees whose count result is equal to or greater than a predetermined threshold value and refer to the predetermined information for the specified set of information referrers. The disclosure recommended range and determining range determining means is a set of information referring's
Based on the authentication method applied to the predetermined information and the authentication method that can be handled by the information referer, the information referer who can handle the authentication method applied to the predetermined information is identified and identified. Protective action effective range determination means for determining the set of information reference persons as a protective action effective range that is a set of information reference persons determined to be able to refer to the predetermined information ;
It is possible to identify an information referrer who uses an information processing apparatus and application software corresponding to an authentication method applied to predetermined information, and actually refer to the predetermined information for the specified set of information referrers. Current disclosure range determination means for determining as a current disclosure range that is a set of possible information referrers ;
Comparing at least four ranges of the disclosure possible range, the disclosure recommendation range, the protective treatment effective range, and the current disclosure range, it is correspondence information between the information reference and the range to which the information reference belongs, Information referrer that belongs only to the disclosure scope, information referrer that belongs only to the recommended disclosure scope, information referer that belongs to the disclosure possible scope and the recommended disclosure scope, and does not belong to the effective scope of protection and the current disclosure scope, and disclosure Information reference that belongs to possible range, recommended disclosure range, effective range of protective action and current disclosure range, belongs to possible disclosure range and recommended disclosure range, and belongs only to either effective range of protective action or current disclosed range An information referer, an information referrer that does not belong to the disclosure scope and recommended disclosure range, and that belongs to the protective action effective range and the current disclosure range; Information referer belonging to the scope of effective protection and the current disclosure range, information referer belonging to the recommended disclosure range and not belonging to the disclosure possible range, and information referer belonging to the protection treatment effective range and the current disclosure range, and belonging to the disclosure possible range Information referer that does not belong to the recommended range and belongs only to one of the effective range of protection measures or the current disclosure range, and belongs to the recommended disclosure range, does not belong to the disclosure range, and the effective range of protection measures and the current disclosure range Corresponding to information referents that belong only to one of the above, and information referers that do not belong to the disclosureable range or recommended disclosure range and belong to only one of the effective range of protection measures or the current disclosure range A range comparison means for creating relationship information ;
An information management system comprising: range display means for displaying the correspondence information . Range determining means identifies the information referencer corresponding to positioning in the referable tissue types of sensitive information of a predetermined information that meets the criteria of being confidential information, the identified said information referencer The disclosure range is determined by extracting the identification information, and matches the useful information word included in the predetermined information that satisfies the criteria of including the useful information word among the keywords related to the information referrer. Alternatively, the number of similar keywords is counted, the information reference whose count result is equal to or greater than a predetermined threshold is specified, and the disclosure recommended range is determined by extracting the identification information of the specified information reference And
The protection measure effective range determination means is information that can be applied to the authentication method applied to the predetermined information based on the authentication method applied to the predetermined information and the authentication method that can be handled by the information reference person. Identify the referrer, determine the protective treatment effective range by extracting the identified information referrer identification information,
The current disclosure range determination means identifies an information referer who uses an information processing apparatus and application software corresponding to an authentication method applied to predetermined information, and extracts identification information of the identified information referrer The information management system according to claim 7, wherein a current disclosure range is determined . Range operation means for accepting an operation of moving an information referrer in one range indicated by the correspondence information displayed on the range display means to another range ;
Protective measures for re-determining the type of authentication method that has been applied in advance to predetermined information as the type of authentication method that can be handled by an information referrer who has been moved to another range using range operation means The information management system according to claim 7 or 8, further comprising a changing unit. The system administrator is instructed to apply the authentication method redefined by the protection measure changing means for the predetermined information or to apply the authentication method redefined by the protection measure changing means for the predetermined information. The information management system according to claim 9, further comprising protection measure application means for outputting the information. The data related to each information referrer who wants to refer to the information includes the identification information of the information referrer including the ID or name of the information referrer and the information referrer including the authentication method that the information referer can handle when referring to the information. Information referer attribute storage means for storing attribute information ;
For each information referrer, an information processing device used by each information referrer and a device that stores information indicating application software, etc.
Corresponding to the authentication method applied to the predetermined information based on the authentication method applied to the predetermined information that may be referred to by the information referer and the authentication method that can be handled by the information reference Protective action effective that identifies possible information referers and determines the specified set of information referers as a protective action effective range that is a set of information referees determined to be able to refer to the predetermined information A range determination means;
It is possible to identify an information referrer who uses an information processing apparatus and application software corresponding to an authentication method applied to predetermined information, and actually refer to the predetermined information for the specified set of information referrers. Current disclosure range determination means for determining as a current disclosure range that is a set of possible information referrers ;
By comparing at least two ranges of the protective treatment effective range and the current disclosure range, it is correspondence information between the information referer and the range to which the information reference belongs, and the protective treatment effective range and the current disclosure range Range comparison means for creating correspondence information each representing an information referer belonging to and an information referrer belonging to only one of the protection scope and the current disclosure range ;
An information management system comprising: range display means for displaying the correspondence information . Protection treatment effective range judgment means, the authentication method has been applied to the predetermined information, based on information reference person in the adaptable authentication method, capable of supporting authentication method that is applied to the predetermined information Identify the information referer, determine the protective treatment effective range by extracting the identified information referrer identification information,
The current disclosure range determination means identifies an information referer who uses an information processing apparatus and application software corresponding to an authentication method applied to predetermined information, and extracts identification information of the identified information referrer The information management system according to claim 11 , wherein a current disclosure range is determined . Range operation means for accepting an operation of moving an information referrer in one range indicated by the correspondence information displayed on the range display means to another range ;
Protective measures for re-determining the type of authentication method that has been applied in advance to predetermined information as the type of authentication method that can be handled by an information referrer who has been moved to another range using range operation means information management system according to claim 11 or claim 12 and a change means. The system administrator is instructed to apply the authentication method redefined by the protection action changing means for the predetermined information or to apply the authentication method redefined by the protection action changing means for the predetermined information. The information management system according to claim 13 , further comprising protection measure application means for outputting the information. The data related to each information referrer who wants to refer to information includes the information referrer's identification information including the ID or name of the information referrer, the position of the information referrer in the organization, and the information referer when referring to the information. Information referer attribute storage means for storing information referrer attribute information including a compatible authentication method ;
Means for storing, for each type of confidential information, a confidential information word, which is a word that will be classified as confidential information by being included in the information;
On the condition that the predetermined information that may be referred to by the information reference includes a confidential information word, it is determined that the predetermined information satisfies the standard of confidential information, and the confidential information word Content determination means for determining the type of confidential information based on the type of
Based on the data related to each information referer stored in the information referrer attribute storage means and the determination result of the content determination means, it is possible to refer to the type of confidential information of the predetermined information that satisfies the criteria of being confidential information Disclosure is possible by identifying information referrers that fall within the organization's position and identifying the set of information referrers as a set of information referrers that can refer to the predetermined information without any security problems Range determination means for determining a range;
Based on the authentication method applied to the predetermined information and the authentication method that can be handled by the information referer, the information referer who can handle the authentication method applied to the predetermined information is identified and identified. Protective action effective range determination means for determining the set of information reference persons as a protective action effective range that is a set of information reference persons determined to be able to refer to the predetermined information ;
Comparing at least two ranges of the disclosure possible range and the protective treatment effective range, it is correspondence information between the information reference person and the range to which the information reference person belongs, and the information reference person belongs only to the disclosure possible range. Range comparison means for creating correspondence information representing information referents belonging to the disclosure possible range and the protective treatment effective range, and information referers belonging only to the protective treatment effective range ,
An information management system comprising: range display means for displaying the correspondence information . Range determining means identifies the information referencer corresponding to positioning in the referable tissue types of sensitive information of a predetermined information that meets the criteria of being confidential information, the identified said information referencer Determine the disclosure possible range by extracting identification information,
The protection measure effective range determination means is information that can correspond to the authentication method applied to the predetermined information based on the authentication method applied to the predetermined information and the authentication method that can be handled by the information reference person. The information management system according to claim 15 , wherein the effective range of protection is determined by identifying a referrer and extracting identification information of the identified information referrer . Range operation means for accepting an operation of moving an information referrer in one range indicated by the correspondence information displayed on the range display means to another range ;
Protective measures for re-determining the type of authentication method that has been applied in advance to predetermined information as the type of authentication method that can be handled by an information referrer who has been moved to another range using range operation means The information management system according to claim 15 or 16 , further comprising a changing unit. The system administrator is instructed to apply the authentication method redefined by the protection measure changing means for the predetermined information or to apply the authentication method redefined by the protection measure changing means for the predetermined information. The information management system according to claim 17 , further comprising protection measure application means for outputting the information. The data related to each information referrer who wants to refer to information includes the information referrer's identification information including the ID or name of the information referrer, the position of the information referrer in the organization, and the information referer when referring to the information. Information referer attribute storage means for storing information referrer attribute information including a compatible authentication method ;
Means for storing, for each type of confidential information, a confidential information word, which is a word that will be classified as confidential information by being included in the information;
For each information referrer, an information processing device used by each information referrer and a device that stores information indicating application software, etc.
On the condition that the predetermined information that may be referred to by the information reference includes a confidential information word, it is determined that the predetermined information satisfies the standard of confidential information, and the confidential information word Content determination means for determining the type of confidential information based on the type of
Based on the data related to each information referer stored in the information referrer attribute storage means and the determination result of the content determination means, it is possible to refer to the type of confidential information of the predetermined information that satisfies the criteria of being confidential information Disclosure is possible by identifying information referrers that fall within the organization's position and identifying the set of information referrers as a set of information referrers that can refer to the predetermined information without any security problems Range determination means for determining a range;
Based on the authentication method applied to the predetermined information and the authentication method that can be handled by the information referer, the information referer who can handle the authentication method applied to the predetermined information is identified and identified. Protective action effective range determination means for determining the set of information reference persons as a protective action effective range that is a set of information reference persons determined to be able to refer to the predetermined information ;
It is possible to identify an information referrer who uses an information processing apparatus and application software corresponding to an authentication method applied to predetermined information, and actually refer to the predetermined information for the specified set of information referrers. Current disclosure range determination means for determining as a current disclosure range that is a set of possible information referrers ;
Comparing at least three ranges of the disclosure possible range, the protective treatment effective range, and the current disclosure range, it is correspondence information between the information referer and the range to which the information reference belongs, and only in the disclosure possible range Information referer who belongs, information reference that belongs to the disclosure possible range, and belongs to only one of the protection effective range and the current disclosure range, and the information that belongs to the disclosure possible range, the protective treatment effective range, and the current disclosure range References, information referees that do not belong to the disclosure scope, and belong to the protection scope and the current disclosure scope, and those that do not belong to the disclosure scope, and are either the protection scope or the current disclosure scope. a range comparing means for creating a correspondence relationship information indicating each information referer belonging to,
An information management system comprising: range display means for displaying the correspondence information . Range determining means identifies the information referencer corresponding to positioning in the referable tissue types of sensitive information of a predetermined information that meets the criteria of being confidential information, the identified said information referencer Determine the disclosure possible range by extracting identification information,
The protection measure effective range determination means is information that can be applied to the authentication method applied to the predetermined information based on the authentication method applied to the predetermined information and the authentication method that can be handled by the information reference person. Identify the referrer, determine the protective treatment effective range by extracting the identified information referrer identification information,
The present disclosure range determination means identifies an information referer who uses an information processing apparatus and application software corresponding to an authentication method applied to predetermined information, and extracts identification information of the identified information referrer 20. The information management system according to claim 19 , wherein the current disclosure range is determined . Range operation means for accepting an operation of moving an information referrer in one range indicated by the correspondence information displayed on the range display means to another range ;
Protective measures for re-determining the type of authentication method that has been applied in advance to predetermined information as the type of authentication method that can be handled by an information referrer who has been moved to another range using range operation means The information management system according to claim 19 or 20 , further comprising a changing unit. The system administrator is instructed to apply the authentication method redefined by the protection measure changing means for the predetermined information or to apply the authentication method redefined by the protection measure changing means for the predetermined information. The information management system according to claim 21 , further comprising protection measure application means for outputting the information. As data related to each information reference person who wants to refer to the information, identification information of the information reference person including the ID or name of the information reference person, and attribute information of the information reference person including the position of the information reference person in the organization Information referrer attribute storage means for storing;
Means for storing, for each type of confidential information, a confidential information word, which is a word that will be classified as confidential information by being included in the information;
For each information referrer, an information processing device used by each information referrer and a device that stores information indicating application software, etc.
On the condition that the predetermined information that may be referred to by the information reference includes a confidential information word, it is determined that the predetermined information satisfies the standard of confidential information, and the confidential information word Content determination means for determining the type of confidential information based on the type of
Based on the data related to each information referer stored in the information referrer attribute storage means and the determination result of the content determination means, it is possible to refer to the type of confidential information of the predetermined information that satisfies the criteria of being confidential information Disclosure is possible by identifying information referrers that fall within the organization's position and identifying the set of information referrers as a set of information referrers that can refer to the predetermined information without any security problems Range determination means for determining a range;
It is possible to identify an information referrer who uses an information processing apparatus and application software corresponding to an authentication method applied to predetermined information, and actually refer to the predetermined information for the specified set of information referrers. Current disclosure range determination means for determining as a current disclosure range that is a set of possible information referrers ;
Comparing at least two ranges of the disclosure possible range and the current disclosure range , correspondence information between the information reference person and the range to which the information reference person belongs, and an information reference person belonging only to the disclosure possible range; Range comparison means for creating correspondence information representing information referers belonging to the disclosure possible range and the current disclosure range and information referers belonging only to the current disclosure range ;
An information management system comprising: range display means for displaying the correspondence information . Range determining means identifies the information referencer corresponding to positioning in the referable tissue types of sensitive information of a predetermined information that meets the criteria of being confidential information, the identified said information referencer Determine the disclosure possible range by extracting identification information,
The present disclosure range determination means identifies an information referer who uses an information processing apparatus and application software corresponding to an authentication method applied to predetermined information, and extracts identification information of the identified information referrer The information management system according to claim 23 , wherein a current disclosure range is determined . The data related to each information referrer who wants to refer to the information includes identification information of the information referrer including the ID or name of the information referrer, the position of the information referrer in the organization, and keywords related to the information referrer. Information referer attribute storage means for storing attribute information of the information referrer;
A confidential information word, which is a word that will be classified as confidential information by being included in the information, is stored for each type of confidential information, and the information is converted to useful information by being included in the information. Means for storing useful information words that are words representing what may be applicable;
For each information referrer, an information processing device used by each information referrer and a device that stores information indicating application software, etc.
On the condition that the predetermined information that may be referred to by the information reference includes a confidential information word, it is determined that the predetermined information satisfies the standard of confidential information, and the confidential information word The type of the confidential information is determined based on the type of the information, and the condition that the predetermined information includes the useful information word is determined on the condition that the predetermined information includes the useful information word. Content determination means to perform ,
Based on the data related to each information referer stored in the information referrer attribute storage means and the determination result of the content determination means, it is possible to refer to the type of confidential information of the predetermined information that satisfies the criteria of being confidential information Disclosure is possible by identifying information referrers that fall within the organization, and identifying the set of information referrers as a set of information referrers that can refer to the predetermined information without any security problems The number of keywords that match or are similar to the useful information word included in the predetermined information that satisfies the criteria of including the useful information word among the keywords related to the information referrer are counted. It is recommended to identify information referees whose count result is equal to or greater than a predetermined threshold value and refer to the predetermined information for the specified set of information referrers. The disclosure recommended range and determining range determining means is a set of information referring's
It is possible to identify an information referrer who uses an information processing apparatus and application software corresponding to an authentication method applied to predetermined information, and actually refer to the predetermined information for the specified set of information referrers. Current disclosure range determination means for determining as a current disclosure range that is a set of possible information referrers ;
Comparing at least three ranges of the disclosure possible range, the recommended disclosure range, and the current disclosure range, it is correspondence information between the information referer and the range to which the information reference belongs. Information referer belonging to the scope and the present disclosure scope, information referer belonging only to the disclosure possible scope, information referer belonging only to the recommended disclosure scope, information referer belonging only to the current disclosure scope, Information referer who belongs to the current disclosure range and does not belong to the recommended disclosure range, information referer who belongs to the recommended disclosure range and the present disclosure range and does not belong to the disclosure possible range, and the present disclosure that belongs to the disclosure possible range and the recommended disclosure range Range comparison means for creating correspondence information respectively representing information referers that do not belong to the range ;
An information management system comprising: range display means for displaying the correspondence information . Range determining means identifies the information referencer corresponding to positioning in the referable tissue types of sensitive information of a predetermined information that meets the criteria of being confidential information, the identified said information referencer The disclosure range is determined by extracting the identification information, and matches the useful information word included in the predetermined information that satisfies the criteria of including the useful information word among the keywords related to the information referrer. Alternatively, the number of similar keywords is counted, the information reference whose count result is equal to or greater than a predetermined threshold is specified, and the disclosure recommended range is determined by extracting the identification information of the specified information reference And
The present disclosure range determination means identifies an information referer who uses an information processing apparatus and application software corresponding to an authentication method applied to predetermined information, and extracts identification information of the identified information referrer The information management system according to claim 25 , wherein the current disclosure range is determined . As data related to each information referrer who wants to refer to the information, identification information of the information referrer including the ID or name of the information referrer, an authentication method that the information referer can handle when referring to the information, and an information referrer Information referer attribute storage means for storing attribute information of an information referrer including related keywords ;
Means for storing a useful information word that is a word indicating that the information can correspond to useful information by being included in the information;
Content determination for determining that the predetermined information includes a useful information word on the condition that the predetermined information that may be referred to by an information reference includes the useful information word Means,
Based on the data related to each information referer stored by the information referrer attribute storage means and the determination result of the content determination means , satisfy the criterion that a useful information word is included among the keywords related to the information referrer. The number of keywords that match or are similar to useful information words included in the predetermined information is counted, information referees whose count result is equal to or greater than a predetermined threshold value are identified, and the identified information reference A range determination unit that determines a set of persons as a recommended disclosure range that is a set of information reference persons who should recommend referring to the predetermined information ;
Based on the authentication method applied to the predetermined information and the authentication method that can be handled by the information referer, the information referer who can handle the authentication method applied to the predetermined information is identified and identified. Protective action effective range determination means for determining the set of information reference persons as a protective action effective range that is a set of information reference persons determined to be able to refer to the predetermined information ;
Comparing at least two ranges of the recommended disclosure range and the protective action effective range, the corresponding information of the information reference person and the range to which the information reference belongs, and an information reference person belonging only to the recommended disclosure range Range comparison means for creating correspondence information respectively representing information referents belonging to the disclosure recommendation range and the protective treatment effective range, and information referers belonging only to the protective treatment effective range ;
An information management system comprising: range display means for displaying the correspondence information . Range determining means, among the keywords associated with the information referring person, counts the number of matching keywords or similar useful information word included in the predetermined information that meet the criteria that they contain useful information words Then, specify the information reference person whose count result is equal to or greater than a predetermined threshold, determine the disclosure recommended range by extracting the identification information of the specified information reference person,
The protection measure effective range determination means is information that can correspond to the authentication method applied to the predetermined information based on the authentication method applied to the predetermined information and the authentication method that can be handled by the information reference person. 28. The information management system according to claim 27 , wherein the effective range of protection is determined by identifying a referrer and extracting identification information of the identified information referrer . Range operation means for accepting an operation of moving an information referrer in one range indicated by the correspondence information displayed on the range display means to another range ;
Protective measures for re-determining the type of authentication method applied in advance to predetermined information as the type of authentication method that can be handled by an information referrer who has been moved to another range using range operation means The information management system according to claim 27 or 28 , further comprising: a changing unit. The system administrator is instructed to apply the authentication method redefined by the protection action changing means for the predetermined information or to apply the authentication method redefined by the protection action changing means for the predetermined information. 30. The information management system according to claim 29 , further comprising protection measure application means for outputting the information. As data related to each information referrer who wants to refer to the information, identification information of the information referrer including the ID or name of the information referrer, an authentication method that the information referer can handle when referring to the information, and an information referrer Information referer attribute storage means for storing attribute information of an information referrer including related keywords ;
Means for storing a useful information word that is a word indicating that the information can correspond to useful information by being included in the information;
For each information referrer, an information processing device used by each information referrer and a device that stores information indicating application software, etc.
Content determination for determining that the predetermined information includes a useful information word on the condition that the predetermined information that may be referred to by an information reference includes the useful information word Means,
Based on the data related to each information referer stored by the information referrer attribute storage means and the determination result of the content determination means , satisfy the criterion that a useful information word is included among the keywords related to the information referrer. The number of keywords that match or are similar to useful information words included in the predetermined information is counted, information referees whose count result is equal to or greater than a predetermined threshold value are identified, and the identified information reference A range determination unit that determines a set of persons as a recommended disclosure range that is a set of information reference persons who should recommend referring to the predetermined information ;
Based on the authentication method applied to the predetermined information and the authentication method that can be handled by the information referer, the information referer who can handle the authentication method applied to the predetermined information is identified and identified. Protective action effective range determination means for determining the set of information reference persons as a protective action effective range that is a set of information reference persons determined to be able to refer to the predetermined information ;
It is possible to identify an information referrer who uses an information processing apparatus and application software corresponding to an authentication method applied to predetermined information, and actually refer to the predetermined information for the specified set of information referrers. Current disclosure range determination means for determining as a current disclosure range that is a set of possible information referrers ;
Comparing at least three ranges, the recommended disclosure range, the protective action effective range, and the current disclosure range, it is correspondence information between the information referrer and the range to which the information referer belongs, and only the recommended disclosure range Information referrer belonging to, only belonging to the recommended disclosure range, information referer belonging to only one of the protection effective range and the current disclosure range, belonging to the recommended disclosure range, the effective protection range and the current disclosure range Information referrer, information referrer that does not belong to the recommended disclosure range, and belongs to the protective treatment effective range and the current disclosure range Range comparison means for creating correspondence information respectively representing information referers belonging to only ,
An information management system comprising: range display means for displaying the correspondence information . Range determining means, among the keywords associated with the information referring person, counts the number of matching keywords or similar useful information word included in the predetermined information that meet the criteria that they contain useful information words Then, specify the information reference person whose count result is equal to or greater than a predetermined threshold, determine the disclosure recommended range by extracting the identification information of the specified information reference person,
The protection measure effective range determination means is information that can be applied to the authentication method applied to the predetermined information based on the authentication method applied to the predetermined information and the authentication method that can be handled by the information reference person. Identify the referrer, determine the protective treatment effective range by extracting the identified information referrer identification information,
The current disclosure range determination means identifies an information referer who uses an information processing apparatus and application software corresponding to an authentication method applied to predetermined information, and extracts identification information of the identified information referrer 32. The information management system according to claim 31 , wherein the current disclosure range is determined . Range operation means for accepting an operation of moving an information referrer in one range indicated by the correspondence information displayed on the range display means to another range ;
Protective measures for re-determining the type of authentication method that has been applied in advance to predetermined information as the type of authentication method that can be handled by an information referrer who has been moved to another range using range operation means The information management system according to claim 31 or claim 32 , further comprising: a changing unit. The system administrator is instructed to apply the authentication method redefined by the protection action changing means for the predetermined information or to apply the authentication method redefined by the protection action changing means for the predetermined information. 34. The information management system according to claim 33 , further comprising protection measure application means for outputting the information. As information related to each information referrer who wants to refer to the information, identification information of the information referrer including the ID or name of the information referrer and attribute information of the information referrer including a keyword related to the information referrer are stored. Information referrer attribute storage means;
Means for storing a useful information word that is a word indicating that the information can correspond to useful information by being included in the information;
For each information referrer, an information processing device used by each information referrer and a device that stores information indicating application software, etc.
Content determination for determining that the predetermined information includes a useful information word on the condition that the predetermined information that may be referred to by an information reference includes the useful information word Means,
Based on the data related to each information referer stored by the information referrer attribute storage means and the determination result of the content determination means , satisfy the criterion that a useful information word is included among the keywords related to the information referrer. The number of keywords that match or are similar to useful information words included in the predetermined information is counted, information referees whose count result is equal to or greater than a predetermined threshold value are identified, and the identified information reference A range determination unit that determines a set of persons as a recommended disclosure range that is a set of information reference persons who should recommend referring to the predetermined information ;
It is possible to identify an information referrer who uses an information processing apparatus and application software corresponding to an authentication method applied to predetermined information, and actually refer to the predetermined information for the specified set of information referrers. Current disclosure range determination means for determining as a current disclosure range that is a set of possible information referrers ;
Comparing at least two ranges of the recommended disclosure range and the current disclosed range, information corresponding to an information reference and a range to which the information reference belongs, and an information reference belonging to only the recommended disclosure range; Range comparison means for creating correspondence information that respectively represents information referers belonging to the disclosure recommended range and the current disclosure range, and information referers belonging only to the current disclosure range ;
An information management system comprising: range display means for displaying the correspondence information . Range determining means, among the keywords associated with the information referring person, counts the number of matching keywords or similar useful information word included in the predetermined information that meet the criteria that they contain useful information words Then, specify the information reference person whose count result is equal to or greater than a predetermined threshold, determine the disclosure recommended range by extracting the identification information of the specified information reference person,
The present disclosure range determination means identifies an information referer who uses an information processing apparatus and application software corresponding to an authentication method applied to predetermined information, and extracts identification information of the identified information referrer 36. The information management system according to claim 35 , wherein a current disclosure range is determined . The content determining means assumes that the predetermined information including a word partially matching the confidential information word is confidential information, and determines the assumed confidential information type based on the confidential information word type. ,
The range determination means identifies an information referrer that corresponds to the position within the organization that can refer to the assumed confidential information type, and the set of the identified information referrer is an information referrer that constitutes a discloseable range It is determined that it is an uncertain set that is a set of information referrers that may not be an information referrer that constitutes the disclosure possible range,
27. The information management system according to any one of claims 1 to 10 and claim 15 to claim 26 , wherein the range display means displays information referers belonging to the uncertain set . Range determining means, among the keywords associated with the information referring person, counts the number of matching keywords or similar useful information word included in the predetermined information that meet the criteria that they contain useful information words And, the count result is less than a predetermined threshold value, but the information referrer that the difference between the count value and the threshold value is within a predetermined value is identified, and the set of identified information referrer, It is determined that it is an uncertain set that is a set of information referrers that may be an information referer that constitutes the recommended disclosure range, but cannot be said to be an information referer that reliably constitutes the recommended disclosure range,
37. The information management system according to any one of claims 1 to 10 and 25 to 36 , wherein the range display means displays information referers belonging to the uncertain set . The range display means displays individual ranges to which each information referer classified in the correspondence information belongs,
A specifying means for specifying the individual ranges ;
Range display means, the information management system according to any one of claims 38 claim 1, the information reference who belong to the specified range is displayed on the basis of the correspondence relationship information by the specified means. The range operation means which receives the operation which moves the information reference person of one range which the correspondence information displayed on the range display means moves to another range is provided. Any one of Claims 1 to 39 The information management system described. 41. The information management system according to any one of claims 1 to 40 , further comprising information arrangement means for storing predetermined information in a storage area for which an access method is determined in advance . The data related to each information referrer who wants to refer to the information includes identification information of the information referrer including the ID or name of the information referrer, the position of the information referrer in the organization, and keywords related to the information referrer. Information referer attribute storage means for storing attribute information of the information referrer;
A confidential information word, which is a word that will be classified as confidential information by being included in the information, is stored for each type of confidential information, and the information is converted to useful information by being included in the information. Means for storing useful information words that are words representing what may be applicable;
Regarding each piece of information stored in a predetermined storage area, it is determined that the information satisfies the criteria that the information is confidential information on the condition that the information includes the confidential information word, and the type of the confidential information word Content determination means for determining the type of confidential information based on the information, and determining that the information satisfies a criterion that the information includes a useful information word, provided that the information includes a useful information word ;
Based on the data related to each information referer stored in the information referrer attribute storage means and the determination result of the content determination means , the positioning in the organization of a predetermined information referrer determined in advance is referred to A set of information that identifies information corresponding to a type of confidential information that can be referred to by the corresponding information referer, and that allows the predetermined information referer to refer to the specified set of information without any security problems. For each piece of information that satisfies the criteria of including a useful information word, it matches the useful information word included in the information among the keywords related to the predetermined information referrer. Alternatively, the number of similar keywords is counted, information whose count result is equal to or greater than a predetermined threshold is specified, and the specified set of information is assigned to the predetermined information reference person. Referring recommended range and a determining range determining means is a set of information determined to be useful Te,
Compare at least two ranges of the referenceable range and the recommended reference range, and information on the correspondence between the information and the range to which the information belongs, information that belongs only to the referenceable range, a referenceable range, and a reference recommendation Range comparison means for creating correspondence information representing information belonging to the range and information belonging only to the recommended reference range ,
An information management system comprising: range display means for displaying the correspondence information . The data related to each information referrer who wants to refer to the information includes identification information of the information referrer including the ID or name of the information referrer, the position of the information referrer in the organization, and keywords related to the information referrer. Information referer attribute storage means for storing attribute information of the information referrer;
A confidential information word, which is a word that will be classified as confidential information by being included in the information, is stored for each type of confidential information, and the information is converted to useful information by being included in the information. Means for storing useful information words that are words representing what may be applicable;
For each information referrer, an information processing device used by each information referrer and a device that stores information indicating application software, etc.
For each information stored in a predetermined storage area and to which attribute information indicating an applied authentication method is added , the information is confidential information on the condition that the information includes a confidential information word. The information includes the useful information word on the condition that the information includes the useful information word, and determines the type of the confidential information based on the type of the confidential information word. Content determination means for determining that the standard is satisfied ,
Based on the data related to each information referer stored in the information referrer attribute storage means and the determination result of the content determination means , the positioning in the organization of a predetermined information referrer determined in advance is referred to A set of information that identifies information corresponding to a type of confidential information that can be referred to by the corresponding information referer, and that allows the predetermined information referer to refer to the specified set of information without any security problems. For each piece of information that satisfies the criteria of including a useful information word, it matches the useful information word included in the information among the keywords related to the predetermined information referrer. Alternatively, the number of similar keywords is counted, information whose count result is equal to or greater than a predetermined threshold is specified, and the specified set of information is assigned to the predetermined information reference person. Referring recommended range and a determining range determining means is a set of information determined to be useful Te,
The information processing apparatus and application software used by the predetermined information referer identify information to which an authentication method is applied, and the predetermined information referer actually refers to the specified set of information. Current referenceable range determination means for determining a current referenceable range that is a set of information that can be performed ;
It is correspondence information between the information and the range to which the information belongs by comparing at least three ranges of the referenceable range, the recommended reference range, and the current referenceable range, and the referenceable range, the recommended reference range, and the current recommended range. Information belonging to the referenceable range, information belonging only to the referenceable range, information belonging to only the recommended reference range, information belonging to only the current referenceable range, reference recommendation belonging to the referenceable range and the current referenceable range Correspondence indicating information that does not belong to the range, information that belongs to the recommended reference range and the current referenceable range and does not belong to the referenceable range, and information that belongs to the referenceable range and the recommended reference range and does not belong to the current referenceable range A range comparison means for creating relationship information ;
An information management system comprising: range display means for displaying the correspondence information . The data related to each information referrer who wants to refer to the information is the information referrer's identification information including the ID or name of the information referrer, the position of the information referrer within the organization, and the information referer responds when referring to the information Information referer attribute storage means for storing a possible authentication method and attribute information of an information referrer including a keyword related to the information referer;
A confidential information word, which is a word that will be classified as confidential information by being included in the information, is stored for each type of confidential information, and the information is converted to useful information by being included in the information. Means for storing useful information words that are words representing what may be applicable;
For each information referrer, an information processing device used by each information referrer and a device that stores information indicating application software, etc.
For each information stored in a predetermined storage area and to which attribute information indicating an applied authentication method is added , the information is confidential information on the condition that the information includes a confidential information word. The information includes the useful information word on the condition that the information includes the useful information word, and determines the type of the confidential information based on the type of the confidential information word. Content determination means for determining that the standard is satisfied ,
Based on the data related to each information referer stored in the information referrer attribute storage means and the determination result of the content determination means , the positioning in the organization of a predetermined information referrer determined in advance is referred to A set of information that identifies information corresponding to a type of confidential information that can be referred to by the corresponding information referer, and that allows the predetermined information referer to refer to the specified set of information without any security problems. For each piece of information that satisfies the criteria of including a useful information word, it matches the useful information word included in the information among the keywords related to the predetermined information referrer. Alternatively, the number of similar keywords is counted, information whose count result is equal to or greater than a predetermined threshold is specified, and the specified set of information is assigned to the predetermined information reference person. Referring recommended range and a determining range determining means is a set of information determined to be useful Te,
The information processing apparatus and application software used by the predetermined information referer identify information to which an authentication method is applied, and the predetermined information referer actually refers to the specified set of information. Current referenceable range determination means for determining a current referenceable range that is a set of information that can be performed ;
The predetermined information referer refers to an authentication method that can be handled, specifies information to which the authentication method is applied, and the predetermined information referer can handle the specified set of information. A protection measure effective range determination means for determining a protection measure effective range that is a set of information to which the authentication method is applied ;
It is correspondence information of information and the range to which the information belongs by comparing at least four ranges of the referenceable range, the recommended reference range, the current referenceable range, and the protective treatment effective range. Information that belongs only to the recommended reference range, information that belongs to the referenceable range and recommended reference range, does not belong to the current referenceable range and safeguard effective range, referenceable range, recommended reference range, and current Information belonging to the referenceable range and the protective action effective range, information belonging to the referenceable range and the recommended reference range, and belonging to only one of the current referenceable range and the protective action effective range, the referenceable range and the reference Information that does not belong to the recommended range, belongs to the current referenceable range and the effective range of protection measures, belongs to the referenceable range, does not belong to the recommended recommended range, and has the current referenceable range and protective measures. Information that belongs to the range, belongs to the recommended reference range, does not belong to the referenceable range, belongs to the current referenceable range and the protective action effective range, belongs to the referenceable range, does not belong to the recommended reference range, and is currently referenced Information belonging to only one of the possible range and the protective treatment effective range, information belonging to the recommended reference range, not belonging to the referenceable range, and belonging to only one of the current referenceable range and the protective treatment effective range, A range comparison means for creating correspondence information that does not belong to the referenceable range and the recommended reference range, and that respectively represents information that belongs to only one of the current referenceable range and the protective action effective range ;
An information management system comprising: range display means for displaying the correspondence information . The data related to each information referrer who wants to refer to the information includes the identification information of the information referrer including the ID or name of the information referrer and the information referrer including the authentication method that the information referer can handle when referring to the information. Information referer attribute storage means for storing attribute information ;
For each information referrer, an information processing device used by each information referrer and a device that stores information indicating application software, etc.
Information processing devices and application software used by predetermined predetermined information referers correspond to information stored in a predetermined storage area and added with attribute information indicating an applied authentication method. Current reference that identifies the information to which the authentication method is applied and determines the set of the specified information as a current referenceable range that is a set of information that can be actually referred to by the predetermined information reference person Possible range determination means;
The predetermined information referer refers to an authentication method that can be handled, specifies information to which the authentication method is applied, and the predetermined information referer can handle the specified set of information. A protection measure effective range determination means for determining a protection measure effective range that is a set of information to which the authentication method is applied ;
Information on correspondence between information and the range to which the information belongs by comparing at least two ranges of the protective treatment effective range and the current referenceable range, and information belonging to the current referenceable range and the protective treatment effective range And range comparison means for creating correspondence information each representing information belonging to only one of the current referable range and the protective treatment effective range ,
An information management system comprising: range display means for displaying the correspondence information . As data related to each information reference person who wants to refer to the information, identification information of the information reference person including the ID or name of the information reference person, and attribute information of the information reference person including the position of the information reference person in the organization Information referrer attribute storage means for storing;
Means for storing, for each type of confidential information, a confidential information word, which is a word that will be classified as confidential information by being included in the information;
For each information referrer, an information processing device used by each information referrer and a device that stores information indicating application software, etc.
For each information stored in a predetermined storage area and to which attribute information indicating an applied authentication method is added , the information is confidential information on the condition that the information includes a confidential information word. Content determination means for determining the type of confidential information based on the type of confidential information word ,
Based on the data related to each information referer stored in the information referrer attribute storage means and the determination result of the content determination means , the positioning in the organization of a predetermined information referrer determined in advance is referred to A set of information that identifies information corresponding to the type of confidential information that can be referred to by the corresponding information referer, and that allows the predetermined information referer to refer to the specified set of information without any security problems. A range determination means for determining a referenceable range ,
The information processing apparatus and application software used by the predetermined information referer identify information to which an authentication method is applied, and the predetermined information referer actually refers to the specified set of information. Current referenceable range determination means for determining a current referenceable range that is a set of information that can be performed ;
Compare at least two ranges of the referenceable range and the current referenceable range, and information on the correspondence between the information and the range to which the information belongs, information that belongs only to the referenceable range, referenceable range, and current range Range comparison means for creating correspondence information representing information belonging to the referenceable range and information belonging to only the current referenceable range ,
An information management system comprising: range display means for displaying the correspondence information . The data related to each information referrer who wants to refer to information includes the information referrer's identification information including the ID or name of the information referrer, the position of the information referrer in the organization, and the information referer when referring to the information. Information referer attribute storage means for storing information referrer attribute information including a compatible authentication method ;
Means for storing, for each type of confidential information, a confidential information word, which is a word that will be classified as confidential information by being included in the information;
For each information referrer, an information processing device used by each information referrer and a device that stores information indicating application software, etc.
For each information stored in a predetermined storage area and to which attribute information indicating an applied authentication method is added , the information is confidential information on the condition that the information includes a confidential information word. Content determination means for determining the type of confidential information based on the type of confidential information word ,
Based on the data related to each information referer stored in the information referrer attribute storage means and the determination result of the content determination means , the positioning in the organization of a predetermined information referrer determined in advance is referred to A set of information that identifies information corresponding to the type of confidential information that can be referred to by the corresponding information referer, and that allows the predetermined information referer to refer to the specified set of information without any security problems. A range determination means for determining a referenceable range ,
The information processing apparatus and application software used by the predetermined information referer identify information to which an authentication method is applied, and the predetermined information referer actually refers to the specified set of information. Current referenceable range determination means for determining a current referenceable range that is a set of information that can be performed ;
The predetermined information referer refers to an authentication method that can be handled, specifies information to which the authentication method is applied, and the predetermined information referer can handle the specified set of information. A protection measure effective range determination means for determining a protection measure effective range that is a set of information to which the authentication method is applied ;
Compare at least three ranges of the referenceable range, the current referenceable range, and the protective action effective range, and correspondence information between the information and the range to which the information belongs, and information that belongs only to the referenceable range , Information that belongs to the referenceable range and belongs to only one of the current referenceable range and the protective action effective range, information that belongs to the referenceable range, the current referenceable range, and the protective action effective range, and the referenceable range Information that belongs to the current referenceable range and the protective treatment effective range, and that does not belong to the referenceable range and belongs to only one of the current referenceable range and the protective treatment effective range, respectively. A range comparison means for creating correspondence information ;
An information management system comprising: range display means for displaying the correspondence information . The data related to each information referrer who wants to refer to information includes the information referrer's identification information including the ID or name of the information referrer, the position of the information referrer in the organization, and the information referer when referring to the information. Information referer attribute storage means for storing information referrer attribute information including a compatible authentication method ;
Means for storing, for each type of confidential information, a confidential information word, which is a word that will be classified as confidential information by being included in the information;
For each information stored in a predetermined storage area and to which attribute information indicating an applied authentication method is added , the information is confidential information on the condition that the information includes a confidential information word. Content determination means for determining the type of confidential information based on the type of confidential information word ,
Based on the data related to each information referer stored in the information referrer attribute storage means and the determination result of the content determination means , the positioning in the organization of a predetermined information referrer determined in advance is referred to A set of information that identifies information corresponding to the type of confidential information that can be referred to by the corresponding information referer, and that allows the predetermined information referer to refer to the specified set of information without any security problems. A range determination means for determining a referenceable range ,
The predetermined information referer refers to an authentication method that can be handled, specifies information to which the authentication method is applied, and the predetermined information referer can handle the specified set of information. A protection measure effective range determination means for determining a protection measure effective range that is a set of information to which the authentication method is applied ;
Compare at least two ranges of the referenceable range and the protective treatment effective range, and information on correspondence between the information and the range to which the information belongs, information belonging only to the referenceable range, referenceable range and protection Range comparison means for creating correspondence information respectively representing information belonging to the treatment effective range and information belonging only to the protective treatment effective range ;
An information management system comprising: range display means for displaying the correspondence information . The data related to each information referrer who wants to refer to the information is the information referrer's identification information including the ID or name of the information referrer, the position of the information referrer within the organization, and the information referer responds when referring to the information Information referer attribute storage means for storing a possible authentication method and attribute information of an information referrer including a keyword related to the information referer;
A confidential information word, which is a word that will be classified as confidential information by being included in the information, is stored for each type of confidential information, and the information is converted to useful information by being included in the information. Means for storing useful information words that are words representing what may be applicable;
For each information stored in a predetermined storage area and to which attribute information indicating an applied authentication method is added , the information is confidential information on the condition that the information includes a confidential information word. The information includes the useful information word on the condition that the information includes the useful information word, and determines the type of the confidential information based on the type of the confidential information word. Content determination means for determining that the standard is satisfied ,
Based on the data related to each information referer stored in the information referrer attribute storage means and the determination result of the content determination means , the positioning in the organization of a predetermined information referrer determined in advance is referred to A set of information that identifies information corresponding to a type of confidential information that can be referred to by the corresponding information referer, and that allows the predetermined information referer to refer to the specified set of information without any security problems. For each piece of information that satisfies the criteria of including a useful information word, it matches the useful information word included in the information among the keywords related to the predetermined information referrer. Alternatively, the number of similar keywords is counted, information whose count result is equal to or greater than a predetermined threshold is specified, and the specified set of information is assigned to the predetermined information reference person. Referring recommended range and a determining range determining means is a set of information determined to be useful Te,
The predetermined information referer refers to an authentication method that can be handled, specifies information to which the authentication method is applied, and the predetermined information referer can handle the specified set of information. A protection measure effective range determination means for determining a protection measure effective range that is a set of information to which the authentication method is applied ;
It is correspondence information between the information and the range to which the information belongs by comparing at least three ranges of the referenceable range, the recommended reference range, and the protective treatment effective range . The referenceable range, the recommended reference range, and the protection Information belonging to the treatment effective range, information belonging only to the referenceable range, information belonging to only the recommended reference range, information belonging to only the protective treatment effective range, reference recommendation belonging to the referenceable range and the protective treatment effective range Correspondence that represents information that does not belong to the scope, information that belongs to the recommended reference range and the effective range of protective action and does not belong to the referable range, and information that belongs to the referable range and recommended reference range and does not belong to the protective action effective range A range comparison means for creating relationship information ;
An information management system comprising: range display means for displaying the correspondence information . As information related to each information referrer who wants to refer to the information, identification information of the information referrer including the ID or name of the information referrer and attribute information of the information referrer including a keyword related to the information referrer are stored. Information referrer attribute storage means;
Means for storing a useful information word that is a word indicating that the information can correspond to useful information by being included in the information;
For each information referrer, an information processing device used by each information referrer and a device that stores information indicating application software, etc.
For each piece of information stored in a predetermined storage area and to which attribute information indicating an applied authentication method is added , the information contains a useful information word on the condition that the information includes a useful information word. Content determination means for determining that it satisfies the criteria for including ,
Based on the data related to each information referer stored in the information referrer attribute storage means and the determination result of the content determination means, a predetermined value determined in advance for each piece of information that satisfies the criterion of including a useful information word Count the number of keywords that match or are similar to the useful information word included in the information among the keywords related to the information referrer, and identify the information whose count result is equal to or greater than a predetermined threshold. Range determining means for determining the specified set of information as a recommended reference range that is a set of information determined to be useful for the predetermined information reference person ;
The information processing apparatus and application software used by the predetermined information referer identify information to which an authentication method is applied, and the predetermined information referer actually refers to the specified set of information. Current referenceable range determination means for determining a current referenceable range that is a set of information that can be performed ;
At least two ranges of the recommended reference range and the current referenceable range are compared, and information on the correspondence relationship between the information and the range to which the information belongs, information belonging only to the recommended reference range, the recommended reference range, and the current recommended range. Range comparison means for creating correspondence information representing information belonging to the referenceable range and information belonging to only the current referenceable range ;
An information management system comprising: range display means for displaying the correspondence information . As data related to each information referrer who wants to refer to the information, identification information of the information referrer including the ID or name of the information referrer, an authentication method that the information referer can handle when referring to the information, and an information referrer Information referer attribute storage means for storing attribute information of an information referrer including related keywords ;
Means for storing a useful information word that is a word indicating that the information can correspond to useful information by being included in the information;
For each information referrer, an information processing device used by each information referrer and a device that stores information indicating application software, etc.
For each piece of information stored in a predetermined storage area and to which attribute information indicating an applied authentication method is added , the information contains a useful information word on the condition that the information includes a useful information word. Content determination means for determining that it satisfies the criteria for including ,
Based on the data related to each information referer stored in the information referrer attribute storage means and the determination result of the content determination means, a predetermined value determined in advance for each piece of information that satisfies the criterion of including a useful information word Count the number of keywords that match or are similar to the useful information word included in the information among the keywords related to the information referrer, and identify the information whose count result is equal to or greater than a predetermined threshold. Range determining means for determining the specified set of information as a recommended reference range that is a set of information determined to be useful for the predetermined information reference person ;
The information processing apparatus and application software used by the predetermined information referer identify information to which an authentication method is applied, and the predetermined information referer actually refers to the specified set of information. Current referenceable range determination means for determining a current referenceable range that is a set of information that can be performed ;
The predetermined information referer refers to an authentication method that can be handled, specifies information to which the authentication method is applied, and the predetermined information referer can handle the specified set of information. A protection measure effective range determination means for determining a protection measure effective range that is a set of information to which the authentication method is applied ;
Compare at least three ranges of the recommended reference range, the current referable range, and the protective action effective range, and correspondence information between information and the range to which the information belongs, and information that belongs only to the recommended reference range Information that belongs to the recommended reference range and belongs to only one of the current referenceable range and the protective action effective range, information that belongs to the recommended reference range, the current referenceable range, and the protective action effective range, and the recommended reference range Information that belongs to the current referenceable range and the protective treatment effective range, and that does not belong to the recommended reference range and belongs to only one of the current referenceable range and the protective treatment effective range, respectively. A range comparison means for creating correspondence information ;
An information management system comprising: range display means for displaying the correspondence information . As data related to each information referrer who wants to refer to the information, identification information of the information referrer including the ID or name of the information referrer, an authentication method that the information referer can handle when referring to the information, and an information referrer Information referer attribute storage means for storing attribute information of an information referrer including related keywords ;
Means for storing a useful information word that is a word indicating that the information can correspond to useful information by being included in the information;
For each piece of information stored in a predetermined storage area and to which attribute information indicating an applied authentication method is added , the information contains a useful information word on the condition that the information includes a useful information word. Content determination means for determining that it satisfies the criteria for including ,
Based on the data related to each information referer stored in the information referrer attribute storage means and the determination result of the content determination means, a predetermined value determined in advance for each piece of information that satisfies the criterion of including a useful information word Count the number of keywords that match or are similar to the useful information word included in the information among the keywords related to the information referrer, and identify the information whose count result is equal to or greater than a predetermined threshold. Range determining means for determining the specified set of information as a recommended reference range that is a set of information determined to be useful for the predetermined information reference person ;
The predetermined information referer refers to an authentication method that can be handled, specifies information to which the authentication method is applied, and the predetermined information referer can handle the specified set of information. A protection measure effective range determination means for determining a protection measure effective range that is a set of information to which the authentication method is applied ;
At least two ranges of the recommended reference range and the effective range of protection treatment are compared, and correspondence information between the information and the range to which the information belongs, information belonging only to the recommended reference range, the recommended reference range and the protection Range comparison means for creating correspondence information respectively representing information belonging to the treatment effective range and information belonging only to the protective treatment effective range ;
An information management system comprising: range display means for displaying the correspondence information . The content determination means assumes that information including a word partially matching the confidential information word is confidential information, determines the type of the assumed confidential information based on the type of the confidential information word,
The range determination means refers to the position of the predetermined information reference in the organization, and the assumed type of confidential information is information that can be referred to by the information reference corresponding to the positioning. The set of information assumed to be confidential information may be information that constitutes a referenceable range, but it is an uncertain set that is a set of information that cannot be said to constitute the referenceable range reliably. And
The information management system according to any one of claims 42 to 44 and 46 to 49 , wherein the range display means displays information belonging to the uncertain set . Range determination means, for each information that meet the criteria that they contain useful information words, among the keywords associated with a given information reference person, identical or similar useful information word included in the information keywords The count result is less than a predetermined threshold value, but the information in which the difference between the count value and the threshold value is within a predetermined value is specified, and the specified set of information is It may be information that constitutes the recommended reference range, but it is determined as an uncertain set that is a set of information that cannot be said to constitute the recommended recommended range.
The information display system according to any one of claims 42 to 44 and claim 49 to claim 52 , wherein the range display means displays information belonging to the uncertain set . The range display means displays individual ranges to which each information classified in the correspondence information belongs,
A specifying means for specifying the individual ranges ;
The information management system according to any one of claims 42 to 54 , wherein the range display unit displays information belonging to the range designated by the designation unit based on the correspondence information. The information of one range indicated by the correspondence information that has been displayed on a range display unit of claim 42 comprising a range operation means for receiving an operation to move to another range according to any one of claims 55 Information management system. 57. The apparatus according to claim 56 , further comprising an arrangement changing unit that changes a storage area in which information is stored in response to an operation of moving one range of information indicated by the correspondence relationship information displayed on the range display unit to another range. Information management system. The data related to each information referrer who wants to refer to the information includes identification information of the information referrer including the ID or name of the information referrer, the position of the information referrer in the organization, and keywords related to the information referrer. Information referrer attribute storage means for storing attribute information of the information referer, and a confidential information word that is included in the information and that corresponds to confidential information for each type of confidential information Means for storing a useful information word that is a word indicating that the information can correspond to useful information by being included in the information ;
On the condition that the predetermined information that may be referred to by the information reference includes a confidential information word, it is determined that the predetermined information satisfies the standard of confidential information, and the confidential information word The type of the confidential information is determined based on the type of the information, and the condition that the predetermined information includes the useful information word is determined on the condition that the predetermined information includes the useful information word. the process of,
An organization that can refer to the type of confidential information of predetermined information that satisfies the criteria of confidential information based on the data related to each information reference stored in the information reference attribute storage means and the determination result of the processing Disclosure scope that is a set of information referrers that can identify information referers corresponding to their positioning within the group, and can refer to the specified set of information referrers without any security problems And count the number of keywords that match or are similar to the useful information word included in the predetermined information that satisfies the criteria of including the useful information word among the keywords related to the information referrer, Information that should be recommended to identify an information referrer whose count result is equal to or greater than a predetermined threshold and to refer to the predetermined information for the set of identified information referrer. Process of determining that the set of reference's disclosure recommended range,
Comparing at least two ranges of the disclosure possible range and the disclosure recommended range, the correspondence information of the information reference person and the range to which the information reference person belongs, and the information reference person belonging only to the disclosure possible range, A process of creating correspondence information representing information referers belonging to the disclosure possible range and the disclosure recommended range and information referers belonging only to the disclosure recommended range , and
An information management program for executing processing for displaying the correspondence information . The data related to each information referrer who wants to refer to the information , the information referrer's identification information including the ID or name of the information referrer, the position of the information referrer within the organization, and the information referer corresponds when referring to the information Information referer attribute storage means for storing possible authentication methods and attribute information of the information referrer including keywords related to the information referrer, and that the information corresponds to confidential information by being included in the information Means for storing a confidential information word for each type of confidential information and storing a useful information word that is a word indicating that the information can correspond to useful information by being included in the information On a computer with
On the condition that the predetermined information that may be referred to by the information reference includes a confidential information word, it is determined that the predetermined information satisfies the standard of confidential information, and the confidential information word The type of the confidential information is determined based on the type of the information, and the condition that the predetermined information includes the useful information word is determined on the condition that the predetermined information includes the useful information word. the process of,
An organization that can refer to the type of confidential information of predetermined information that satisfies the criteria of confidential information based on the data related to each information reference stored in the information reference attribute storage means and the determination result of the processing Disclosure scope that is a set of information referrers that can identify information referers corresponding to their positioning within the group, and can refer to the specified set of information referrers without any security problems And count the number of keywords that match or are similar to the useful information word included in the predetermined information that satisfies the criteria of including the useful information word among the keywords related to the information referrer, Information that should be recommended to identify an information referrer whose count result is equal to or greater than a predetermined threshold and to refer to the predetermined information for the set of identified information referrer. Process of determining that the set of reference's disclosure recommended range,
Based on the authentication method applied to the predetermined information and the authentication method that can be handled by the information referer, the information referer who can handle the authentication method applied to the predetermined information is identified and identified. A process for determining a set of information referrers as a protective action effective range that is a set of information referrers determined to be able to refer to the predetermined information ;
Comparing at least three ranges of the disclosure possible range, the disclosure recommendation range, and the protective treatment effective range, it is correspondence information between the information reference person and the range to which the information reference belongs, and the disclosure possible range and the disclosure Information referer belonging to the recommended range and effective scope of protection measures, information referer belonging to only the disclosure possible range, information referer belonging only to the recommended disclosure range, information referer belonging only to the protective measure effective range, disclosure Information referer who belongs to the scope of disclosure and effective scope of protection measures and does not belong to the recommended disclosure range, information reference person who belongs to recommended disclosure range and effective scope of protection measures and does not belong to the disclosure scope, disclosure possible range and recommended disclosure range A process of creating correspondence information representing information referers that belong to and do not belong to the scope of protection treatment , and
An information management program for executing processing for displaying the correspondence information . The data related to each information referrer who wants to refer to the information , the information referrer's identification information including the ID or name of the information referrer, the position of the information referrer within the organization, and the information referer corresponds when referring to the information Information referer attribute storage means for storing possible authentication methods and attribute information of the information referrer including keywords related to the information referrer, and that the information corresponds to confidential information by being included in the information Means for storing a confidential information word for each type of confidential information and storing a useful information word that is a word indicating that the information can correspond to useful information by being included in the information , for each information referring person, and an information processing apparatus and a device such as a usability status storage means for storing information indicating the application software each information reference's use In the example was a computer,
On the condition that the predetermined information that may be referred to by the information reference includes a confidential information word, it is determined that the predetermined information satisfies the standard of confidential information, and the confidential information word The type of the confidential information is determined based on the type of the information, and the condition that the predetermined information includes the useful information word is determined on the condition that the predetermined information includes the useful information word. the process of,
An organization that can refer to the type of confidential information of predetermined information that satisfies the criteria of confidential information based on the data related to each information reference stored in the information reference attribute storage means and the determination result of the processing Disclosure scope that is a set of information referrers that can identify information referers corresponding to their positioning within the group, and can refer to the specified set of information referrers without any security problems And count the number of keywords that match or are similar to the useful information word included in the predetermined information that satisfies the criteria of including the useful information word among the keywords related to the information referrer, Information that should be recommended to identify an information referrer whose count result is equal to or greater than a predetermined threshold and to refer to the predetermined information for the set of identified information referrer. Process of determining that the set of reference's disclosure recommended range,
Based on the authentication method applied to the predetermined information and the authentication method that can be handled by the information referer, the information referer who can handle the authentication method applied to the predetermined information is identified and identified. A process for determining a set of information referrers as a protective action effective range that is a set of information referrals determined to be able to refer to the predetermined information ;
It is possible to identify an information referrer who uses an information processing apparatus and application software corresponding to an authentication method applied to predetermined information, and actually refer to the predetermined information for the specified set of information referrers. A process for determining as a current disclosure range that is a set of possible information reference persons ,
Comparing at least four ranges of the disclosure possible range, the disclosure recommendation range, the protective treatment effective range, and the current disclosure range, it is correspondence information between the information reference and the range to which the information reference belongs, Information referrer that belongs only to the disclosure scope, information referrer that belongs only to the recommended disclosure scope, information referer that belongs to the disclosure possible scope and the recommended disclosure scope, and does not belong to the effective scope of protection and the current disclosure scope, and disclosure Information reference that belongs to possible range, recommended disclosure range, effective range of protective action and current disclosure range, belongs to possible disclosure range and recommended disclosure range, and belongs only to either effective range of protective action or current disclosed range An information referer, an information referrer that does not belong to the disclosure scope and recommended disclosure range, and that belongs to the protective action effective range and the current disclosure range; Information referer belonging to the scope of effective protection and the current disclosure range, information referer belonging to the recommended disclosure range and not belonging to the disclosure possible range, and information referer belonging to the protection treatment effective range and the current disclosure range, and belonging to the disclosure possible range Information referer that does not belong to the recommended range and belongs only to one of the effective range of protection measures or the current disclosure range, and belongs to the recommended disclosure range, does not belong to the disclosure range, and the effective range of protection measures and the current disclosure range Corresponding to information referents that belong only to one of the above, and information referers that do not belong to the disclosureable range or recommended disclosure range and belong to only one of the effective range of protection measures or the current disclosure range Processing to create relationship information , and
An information management program for executing processing for displaying the correspondence information . The data related to each information reference person who wants to refer to the information includes the identification information of the information reference person including the ID or name of the information reference person and the information reference person including the authentication method that the information reference person can handle when referring to the information. An information referrer attribute storage unit for storing attribute information, and an information storage device used by each information referer and a usable status storage unit such as a device for storing information indicating application software for each information referer On the computer,
Corresponding to the authentication method applied to the predetermined information based on the authentication method applied to the predetermined information that can be referred to by the information referer and the authentication method that can be handled by the information referer A process of identifying possible information referers, and determining the specified set of information referers as a protection action effective range that is a set of information referrals determined to be able to refer to the predetermined information ;
It is possible to identify an information referrer who uses an information processing apparatus and application software corresponding to an authentication method applied to predetermined information, and actually refer to the predetermined information for the specified set of information referrers. A process for determining as a current disclosure range that is a set of possible information reference persons ,
Comparing at least two ranges of the protective treatment effective range and the current disclosure range, it is correspondence information between the information reference person and the range to which the information reference belongs, and the protective treatment effective range and the current disclosure range A process of creating correspondence information that respectively represents information referers belonging to, and information referers belonging to only one of the protective action effective range and the current disclosure range , and
An information management program for executing processing for displaying the correspondence information . The data related to each information referrer who wants to refer to information includes the information referrer's identification information including the ID or name of the information referrer, the position of the information referrer in the organization, and the information referer when referring to the information. Information referrer attribute storage means for storing attribute information of an information referrer including authentication methods that can be handled, and a confidential information word that is included in the information and that corresponds to confidential information On a computer equipped with a means for storing confidential information for each type of confidential information ,
On the condition that the predetermined information that may be referred to by the information reference includes a confidential information word, it is determined that the predetermined information satisfies the standard of confidential information, and the confidential information word Processing to determine the type of sensitive information based on the type of
An organization that can refer to the type of confidential information of predetermined information that satisfies the criteria of confidential information based on the data related to each information reference stored in the information reference attribute storage means and the determination result of the processing Disclosure scope that is a set of information referrers that can identify information referrers corresponding to their positioning within the group and can refer to the specified set of information referrers without any problem of confidentiality Process to determine ,
Based on the authentication method applied to the predetermined information and the authentication method that can be handled by the information referer, the information referer who can handle the authentication method applied to the predetermined information is identified and identified. A process for determining a set of information referrers as a protective action effective range that is a set of information referrers determined to be able to refer to the predetermined information ;
Comparing at least two ranges of the disclosure possible range and the protective treatment effective range, it is correspondence information between the information reference person and the range to which the information reference person belongs, and the information reference person belongs only to the disclosure possible range. A process of creating correspondence information representing information referents belonging to the disclosure possible range and the protective treatment effective range, and information referers belonging only to the protective treatment effective range , and
An information management program for executing processing for displaying the correspondence information . The data related to each information reference person who wants to refer to the information includes the identification information of the information reference person including the ID or name of the information reference person, the position of the information reference person in the organization, and the information reference person at the time of referring to the information. Information referrer attribute storage means for storing attribute information of an information referrer including an authentication method that can be handled, and a confidential information word that is included in the information and that corresponds to confidential information For each type of confidential information, and for each information referrer, an information processing device used by each information referrer and an apparatus for storing information indicating application software, etc. ,
On the condition that the predetermined information that may be referred to by the information reference includes a confidential information word, it is determined that the predetermined information satisfies the standard of confidential information, and the confidential information word Processing to determine the type of sensitive information based on the type of
An organization that can refer to the type of confidential information of predetermined information that satisfies the criteria of confidential information based on the data related to each information reference stored in the information reference attribute storage means and the determination result of the processing Disclosure scope that is a set of information referrers that can identify information referrers corresponding to their positioning within the group and can refer to the specified set of information referrers without any problem of confidentiality Process to determine ,
Based on the authentication method applied to the predetermined information and the authentication method that can be handled by the information referer, the information referer who can handle the authentication method applied to the predetermined information is identified and identified. A process for determining a set of information referrers as a protective action effective range that is a set of information referrals determined to be able to refer to the predetermined information ;
It is possible to identify an information referrer who uses an information processing apparatus and application software corresponding to an authentication method applied to predetermined information, and actually refer to the predetermined information for the specified set of information referrers. A process for determining as a current disclosure range that is a set of possible information reference persons ,
Comparing at least three ranges of the disclosure possible range, the protective treatment effective range, and the current disclosure range, it is correspondence information between the information referrer and the range to which the information referer belongs, and is only included in the disclosure possible range. Information referer who belongs, information referer who belongs to the disclosure possible range, and belongs to only one of the protection effective range and the current disclosure range, and the information that belongs to the disclosure possible range, the protective treatment effective range and the current disclosure range A reference person, an information reference person who does not belong to the disclosure scope, and belongs to the scope of protection treatment and the current disclosure scope, and a person who does not belong to the disclosure scope and does not belong to the disclosure scope, and only one of the protection scope and the current disclosure scope. A process of creating correspondence information representing each information referer belonging to , and
An information management program for executing processing for displaying the correspondence information . As data related to each information reference person who wants to refer to information, identification information of the information reference person including the ID or name of the information reference person, and attribute information of the information reference person including the position of the information reference person in the organization Information referrer attribute storage means for storing, means for storing for each type of confidential information a confidential information word that is included in the information, and the information will be classified as confidential information, and an information referencer For each computer with an information processing device used by each information referrer and a usable status storage means such as a device for storing information indicating application software ,
On the condition that the predetermined information that may be referred to by the information reference includes a confidential information word, it is determined that the predetermined information satisfies the standard of confidential information, and the confidential information word Processing to determine the type of sensitive information based on the type of
An organization that can refer to the type of confidential information of predetermined information that satisfies the criteria of confidential information based on the data related to each information reference stored in the information reference attribute storage means and the determination result of the processing Disclosure scope that is a set of information referrers that can identify information referrers corresponding to their positioning within the group and can refer to the specified set of information referrers without any problem of confidentiality Process to determine ,
It is possible to identify an information referrer who uses an information processing apparatus and application software corresponding to an authentication method applied to predetermined information, and actually refer to the predetermined information for the specified set of information referrers. A process for determining as a current disclosure range that is a set of possible information reference persons ,
Comparing at least two ranges of the disclosure possible range and the current disclosure range , correspondence information between the information reference person and the range to which the information reference belongs, and an information reference person belonging only to the disclosure possible range; A process of creating correspondence information representing information referers belonging to the disclosure possible range and the current disclosure range, and information referers belonging to only the current disclosure range , and
An information management program for executing processing for displaying the correspondence information . The data related to each information referrer who wants to refer to the information includes identification information of the information referrer including the ID or name of the information referrer, the position of the information referrer in the organization, and keywords related to the information referrer. Information referrer attribute storage means for storing attribute information of the information referer, and a confidential information word that is included in the information and that corresponds to confidential information for each type of confidential information Means for storing a useful information word, which is a word indicating that the information can correspond to useful information by being included in the information, and information used by each information reference person for each information reference person In a computer equipped with a usable status storage means such as a device for storing information indicating a processing device and application software ,
On the condition that the predetermined information that may be referred to by the information reference includes a confidential information word, it is determined that the predetermined information satisfies the standard of confidential information, and the confidential information word The type of the confidential information is determined based on the type of the information, and the condition that the predetermined information includes the useful information word is determined on the condition that the predetermined information includes the useful information word. the process of,
An organization that can refer to the type of confidential information of predetermined information that satisfies the criteria of confidential information based on the data related to each information reference stored in the information reference attribute storage means and the determination result of the processing Disclosure scope that is a set of information referrers that can identify information referers corresponding to their positioning within the group, and can refer to the specified set of information referrers without any security problems And count the number of keywords that match or are similar to the useful information word included in the predetermined information that satisfies the criteria of including the useful information word among the keywords related to the information referrer, Information that should be recommended to identify an information referrer whose count result is equal to or greater than a predetermined threshold and to refer to the predetermined information for the set of identified information referrer. Process of determining that the set of reference's disclosure recommended range,
It is possible to identify an information referrer who uses an information processing apparatus and application software corresponding to an authentication method applied to predetermined information, and actually refer to the predetermined information for the specified set of information referrers. A process for determining as a current disclosure range that is a set of possible information reference persons ,
Comparing at least three ranges of the disclosure possible range, the disclosure recommendation range, and the current disclosure range, it is correspondence information between the information reference person and the range to which the information reference belongs, and the disclosure possible range and the disclosure recommendation Information referer belonging to the scope and the present disclosure scope, information referer belonging only to the disclosure possible scope, information referer belonging to only the disclosure recommended scope, information referer belonging only to the current disclosure scope, Information referer who belongs to the current disclosure range and does not belong to the recommended disclosure range, information referer who belongs to the recommended disclosure range and the present disclosure range and does not belong to the disclosure possible range, and the present disclosure that belongs to the disclosure possible range and the recommended disclosure range A process of creating correspondence information representing information referers that do not belong to the scope , and
An information management program for executing processing for displaying the correspondence information . As data related to each information referrer who wants to refer to the information, the identification information of the information referrer including the ID or name of the information referrer, the authentication method that the information referer can handle when referring to the information, and the information referer Information referer attribute storage means for storing attribute information of an information referrer including related keywords, and a useful information word that is a word indicating that the information can correspond to useful information by being included in the information A computer having means for storing ,
A process of determining that the predetermined information that may be referred to by the information reference includes a useful information word, and that the predetermined information satisfies a criterion that the useful information word is included ,
Based on the data related to each information referer stored in the information referrer attribute storage means and the determination result of the process, the criterion that a useful information word is included among the keywords related to the information referer is satisfied. Count the number of keywords that match or are similar to the useful information word included in the predetermined information, identify the information referrer whose count result is equal to or greater than a predetermined threshold, and identify the identified information referrer A process of determining a set of recommended information as a disclosure recommended range that is a set of information referees who are recommended to refer to the predetermined information ;
Based on the authentication method applied to the predetermined information and the authentication method that can be handled by the information referer, the information referer who can handle the authentication method applied to the predetermined information is identified and identified. A process for determining a set of information referrers as a protective action effective range that is a set of information referrers determined to be able to refer to the predetermined information ;
Compare at least two ranges of the recommended disclosure range and the protective action effective range , and information on correspondence between the information reference person and the range to which the information reference belongs, and an information reference person belonging only to the recommended disclosure range , A process of creating correspondence information representing information referents belonging to the disclosure recommendation range and the protective treatment effective range and information referers belonging to only the protective treatment effective range ,
An information management program for executing processing for displaying the correspondence information . As data related to each information referrer who wants to refer to information, identification information of the information referrer including the ID or name of the information referrer, an authentication method that can be handled by the information referer when referring to the information, Information referer attribute storage means for storing attribute information of an information referrer including related keywords, and a useful information word that is a word indicating that the information can correspond to useful information by being included in the information A computer having storage means, and an information processing device used by each information referrer and an information storage device such as a device that stores information indicating application software for each information referer ,
A process of determining that the predetermined information that may be referred to by the information reference includes a useful information word, and that the predetermined information satisfies a criterion that the useful information word is included ,
Based on the data related to each information referer stored in the information referrer attribute storage means and the determination result of the process, the criterion that a useful information word is included among the keywords related to the information referer is satisfied. Count the number of keywords that match or are similar to the useful information word included in the predetermined information, identify the information referrer whose count result is equal to or greater than a predetermined threshold, and identify the identified information referrer A process of determining a set of recommended information as a disclosure recommended range that is a set of information referees who are recommended to refer to the predetermined information ;
Based on the authentication method applied to the predetermined information and the authentication method that can be handled by the information referer, the information referer who can handle the authentication method applied to the predetermined information is identified and identified. A process for determining a set of information referrers as a protective action effective range that is a set of information referrals determined to be able to refer to the predetermined information ;
It is possible to identify an information referrer who uses an information processing apparatus and application software corresponding to an authentication method applied to predetermined information, and actually refer to the predetermined information for the specified set of information referrers. A process for determining as a current disclosure range that is a set of possible information reference persons ,
Comparing at least three ranges of the recommended disclosure range, the protective action effective range, and the current disclosure range, it is correspondence information between the information reference person and the range to which the information reference belongs, and only the recommended disclosure range Information referers who belong to, only information disclosure who belongs to only the recommended disclosure range, and belong to only one of the protection effective range and the current disclosure range, and belong to the recommended disclosure range, the protective treatment effective range, and the current disclosure range Information referrer, information referrer that does not belong to the recommended disclosure range, and belongs to the protective action effective range and the current disclosure range, and does not belong to the recommended disclosure range, and either the effective protective measure range or the current disclosed range Processing for creating correspondence information respectively representing information referers belonging to only , and
An information management program for executing processing for displaying the correspondence information . As information about each information reference person who wants to refer to the information, identification information of the information reference person including the ID or name of the information reference person and attribute information of the information reference person including a keyword related to the information reference person are stored. Information referer attribute storage means , means for storing useful information words, which are words indicating that the information can correspond to useful information by being included in the information, and each information reference person for each information reference person In a computer provided with an information processing device used by the computer and a usable status storage means such as a device for storing information indicating application software ,
A process of determining that the predetermined information that may be referred to by the information reference includes a useful information word, and that the predetermined information satisfies a criterion that the useful information word is included ,
Based on the data related to each information referer stored in the information referrer attribute storage means and the determination result of the process, the criterion that a useful information word is included among the keywords related to the information referer is satisfied. Count the number of keywords that match or are similar to the useful information word included in the predetermined information, identify the information referrer whose count result is equal to or greater than a predetermined threshold, and identify the identified information referrer A process of determining a set of recommended information as a disclosure recommended range that is a set of information referees who are recommended to refer to the predetermined information ;
It is possible to identify an information referrer who uses an information processing apparatus and application software corresponding to an authentication method applied to predetermined information, and actually refer to the predetermined information for the specified set of information referrers. A process for determining as a current disclosure range that is a set of possible information reference persons ,
Comparing at least two ranges of the recommended disclosure range and the current disclosed range, information corresponding to an information reference and a range to which the information reference belongs, and an information reference belonging to only the recommended disclosure range; A process of creating correspondence information representing information referers belonging to the disclosure recommendation range and the current disclosure range, and information referers belonging only to the current disclosure range , and
An information management program for executing processing for displaying the correspondence information . The data related to each information referrer who wants to refer to the information includes identification information of the information referrer including the ID or name of the information referrer, the position of the information referrer in the organization, and keywords related to the information referrer. Information referrer attribute storage means for storing attribute information of the information referer, and a confidential information word that is included in the information and that corresponds to confidential information for each type of confidential information Means for storing a useful information word that is a word indicating that the information can correspond to useful information by being included in the information ;
For each piece of information stored in a predetermined storage area, it is determined that the information includes confidential information word, and the information is classified as confidential information. A process for determining the type of confidential information based on the information, and determining that the information includes a useful information word on the condition that the information includes a useful information word ;
Based on the data related to each information referer stored in the information referrer attribute storage means and the determination result of the process , the position within the organization of a predetermined information referrer determined in advance is referred to, and it corresponds to the position The information corresponding to the kind of confidential information that can be referred to by the information referer is identified, and the specified set of information is a set of information that can be referred to by the predetermined information referer without any problem of confidentiality. For each piece of information that satisfies the criteria of determining a certain referenceable range and including a useful information word, it matches the useful information word included in the information among the keywords related to the predetermined information reference or The number of similar keywords is counted, information whose count result is equal to or greater than a predetermined threshold is specified, and the specified set of information is determined for the predetermined information reference person Process of determining a reference recommended range is a set of information that is determined to be use,
Compare at least two ranges of the referenceable range and the recommended reference range, and information on the correspondence relationship between the information and the range to which the information belongs, information that belongs only to the referenceable range, a referenceable range, and a reference recommendation A process of creating correspondence information representing information belonging to a range and information belonging only to a recommended reference range , and
An information management program for executing processing for displaying the correspondence information . The data related to each information referrer who wants to refer to the information includes identification information of the information referrer including the ID or name of the information referrer, the position of the information referrer in the organization, and keywords related to the information referrer. Information referrer attribute storage means for storing attribute information of the information referer, and a confidential information word that is included in the information and that corresponds to confidential information for each type of confidential information Means for storing a useful information word, which is a word indicating that the information can correspond to useful information by being included in the information, and information used by each information reference person for each information reference person In a computer equipped with a usable status storage means such as a device for storing information indicating a processing device and application software ,
For each information stored in a predetermined storage area and to which attribute information indicating an applied authentication method is added , the information is confidential information on the condition that the information includes a confidential information word. The information includes the useful information word on the condition that the information includes the useful information word, and determines the type of the confidential information based on the type of the confidential information word. The process of determining that it meets the criteria
Based on the data related to each information referer stored in the information referrer attribute storage means and the determination result of the process , the position within the organization of a predetermined information referrer determined in advance is referred to, and it corresponds to the position The information corresponding to the kind of confidential information that can be referred to by the information referer is identified, and the specified set of information is a set of information that can be referred to by the predetermined information referer without any problem of confidentiality. For each piece of information that satisfies the criteria of determining a certain referenceable range and including a useful information word, it matches the useful information word included in the information among the keywords related to the predetermined information reference or The number of similar keywords is counted, information whose count result is equal to or greater than a predetermined threshold is specified, and the specified set of information is determined for the predetermined information reference person Process of determining a reference recommended range is a set of information that is determined to be use,
The information processing apparatus and application software used by the predetermined information referer identify information to which an authentication method is applied, and the predetermined information referer actually refers to the specified set of information. process of determining the current reference range, which is a collection of information that may be,
It is correspondence information between the information and the range to which the information belongs by comparing at least three ranges of the referenceable range, the recommended reference range, and the current referenceable range, and the referenceable range, the recommended reference range, and the current recommended range. Information belonging to the referenceable range, information belonging only to the referenceable range, information belonging to only the recommended reference range, information belonging to only the current referenceable range, reference recommendation belonging to the referenceable range and the current referenceable range Correspondence indicating information that does not belong to the range, information that belongs to the recommended reference range and the current referenceable range and does not belong to the referenceable range, and information that belongs to the referenceable range and the recommended reference range and does not belong to the current referenceable range Processing to create relationship information , and
An information management program for executing processing for displaying the correspondence information . The data related to each information referrer who wants to refer to the information , the information referrer's identification information including the ID or name of the information referrer, the position of the information referrer within the organization, and the information referer corresponds when referring to the information Information referer attribute storage means for storing possible authentication methods and attribute information of the information referrer including keywords related to the information referrer, and that the information corresponds to confidential information by being included in the information Means for storing a confidential information word for each type of confidential information and storing a useful information word that is a word indicating that the information can correspond to useful information by being included in the information , for each information referring person, and an information processing apparatus and a device such as a usability status storage means for storing information indicating the application software each information reference's use In the example was a computer,
For each information stored in a predetermined storage area and to which attribute information indicating an applied authentication method is added , the information is confidential information on the condition that the information includes a confidential information word. The information includes the useful information word on the condition that the information includes the useful information word, and determines the type of the confidential information based on the type of the confidential information word. The process of determining that it meets the criteria
Based on the data related to each information referer stored in the information referrer attribute storage means and the determination result of the process , the position within the organization of a predetermined information referrer determined in advance is referred to, and it corresponds to the position The information corresponding to the kind of confidential information that can be referred to by the information referer is identified, and the specified set of information is a set of information that can be referred to by the predetermined information referer without any problem of confidentiality. For each piece of information that satisfies the criteria of determining a certain referenceable range and including a useful information word, it matches the useful information word included in the information among the keywords related to the predetermined information reference or The number of similar keywords is counted, information whose count result is equal to or greater than a predetermined threshold is specified, and the specified set of information is determined for the predetermined information reference person Process of determining a reference recommended range is a set of information that is determined to be use,
The information processing apparatus and the application software used by the predetermined information referer identify information to which an authentication method is applied, and the predetermined information referer actually refers to the identified set of information. A process for determining the current referenceable range as a set of information that can be
The predetermined information referenceer refers to an authentication method that can be handled, specifies information to which the authentication method is applied, and the predetermined information referencer can handle the specified set of information. A process for determining a protection treatment effective range that is a set of information to which the authentication method is applied ;
It is correspondence information of information and the range to which the information belongs by comparing at least four ranges of the referenceable range, the recommended reference range, the current referenceable range, and the protective treatment effective range. Information that belongs only to the recommended reference range, information that belongs to the referenceable range and recommended reference range, does not belong to the current referenceable range and safeguard effective range, referenceable range, recommended reference range, and current Information belonging to the referenceable range and the protective action effective range, information belonging to the referenceable range and the recommended reference range, and belonging to only one of the current referenceable range and the protective action effective range, the referenceable range and the reference Information that does not belong to the recommended range, belongs to the current referenceable range and the effective range of protection measures, belongs to the referenceable range, does not belong to the recommended recommended range, and has the current referenceable range and protective measures. Information that belongs to the range, belongs to the recommended reference range, does not belong to the referenceable range, belongs to the current referenceable range and the protective action effective range, belongs to the referenceable range, does not belong to the recommended reference range, and is currently referenced Information belonging to only one of the possible range and the protective treatment effective range, information belonging to the recommended reference range and not belonging to the referenceable range, and belonging to only one of the current referenceable range and the protective treatment effective range, A process of creating correspondence information that does not belong to the referenceable range and the recommended reference range, and that respectively represents information that belongs to only one of the current referenceable range and the protective action effective range ; and
An information management program for executing processing for displaying the correspondence information . The data related to each information reference person who wants to refer to the information includes the identification information of the information reference person including the ID or name of the information reference person and the information reference person including the authentication method that the information reference person can handle when referring to the information. An information referrer attribute storage unit for storing attribute information, and an information storage device used by each information referer and a usable status storage unit such as a device for storing information indicating application software for each information referer On the computer,
The information processing apparatus and application software used by a predetermined predetermined information referer correspond to each information stored in a predetermined storage area and added with attribute information indicating an applied authentication method. Identifying the information to which the authentication method is applied, and determining the set of the specified information as a currently referable range that is a set of information that can be actually referred to by the predetermined information referer.
The predetermined information referenceer refers to an authentication method that can be handled, specifies information to which the authentication method is applied, and the predetermined information referencer can handle the specified set of information. A process for determining a protection treatment effective range that is a set of information to which the authentication method is applied ;
Information on correspondence between information and the range to which the information belongs by comparing at least two ranges of the protective treatment effective range and the current referenceable range, and information belonging to the current referenceable range and the protective treatment effective range A process for creating correspondence information respectively representing information that belongs to only one of the current referable range and the protective action effective range , and
An information management program for executing processing for displaying the correspondence information . As data related to each information reference person who wants to refer to information, identification information of the information reference person including the ID or name of the information reference person, and attribute information of the information reference person including the position of the information reference person in the organization Information referrer attribute storage means for storing, means for storing for each type of confidential information a confidential information word that is included in the information, and the information will be classified as confidential information, and an information referencer For each computer with an information processing device used by each information referrer and a usable status storage means such as a device for storing information indicating application software ,
For each information stored in a predetermined storage area and to which attribute information indicating an applied authentication method is added , the information is confidential information on the condition that the information includes a confidential information word. A process for determining the type of confidential information based on the type of confidential information word ,
Based on the data related to each information referer stored in the information referrer attribute storage means and the determination result of the process , the position within the organization of a predetermined information referrer determined in advance is referred to and corresponds to the position The information corresponding to the kind of confidential information that can be referred to by the information referer is specified, and the specified set of information is a set of information that can be referred to by the predetermined information referer without a problem of confidentiality. A process for determining a referenceable range ,
The information processing apparatus and application software used by the predetermined information referer identify information to which an authentication method is applied, and the predetermined information referer actually refers to the specified set of information. process of determining the current reference range, which is a collection of information that may be,
Compare at least two ranges of the referenceable range and the current referenceable range, and information on the correspondence between the information and the range to which the information belongs, information that belongs only to the referenceable range, the referenceable range and the current referenceable range A process of creating correspondence information representing information belonging to the referable range and information belonging to the current referable range only ; and
An information management program for executing processing for displaying the correspondence information . The data related to each information reference person who wants to refer to the information includes the identification information of the information reference person including the ID or name of the information reference person, the position of the information reference person in the organization, and the information reference person at the time of referring to the information. Information referrer attribute storage means for storing attribute information of an information referrer including an authentication method that can be handled, and a confidential information word that is included in the information and that corresponds to confidential information For each type of confidential information, and for each information referrer, an information processing device used by each information referrer and an apparatus for storing information indicating application software, etc. ,
For each information stored in a predetermined storage area and to which attribute information indicating an applied authentication method is added , the information is confidential information on the condition that the information includes a confidential information word. A process for determining the type of confidential information based on the type of confidential information word ,
Based on the data related to each information referer stored in the information referrer attribute storage means and the determination result of the process , the position within the organization of a predetermined information referrer determined in advance is referred to and corresponds to the position The information corresponding to the kind of confidential information that can be referred to by the information referer is specified, and the specified set of information is a set of information that can be referred to by the predetermined information referer without a problem of confidentiality. A process for determining a referenceable range ,
The information processing apparatus and the application software used by the predetermined information referer identify information to which an authentication method is applied, and the predetermined information referer actually refers to the identified set of information. A process for determining the current referenceable range as a set of information that can be
The predetermined information referenceer refers to an authentication method that can be handled, specifies information to which the authentication method is applied, and the predetermined information referencer can handle the specified set of information. A process for determining a protection treatment effective range that is a set of information to which the authentication method is applied ;
Compare at least three ranges of the referenceable range, the current referenceable range, and the protective action effective range, and correspondence information between the information and the range to which the information belongs, and information that belongs only to the referenceable range , Information that belongs to the referenceable range and belongs to only one of the current referenceable range and the protective action effective range, information that belongs to the referenceable range, the current referenceable range, and the protective action effective range, and the referenceable range Information that belongs to the current referenceable range and the protective treatment effective range, and that does not belong to the referenceable range and belongs to only one of the current referenceable range and the protective treatment effective range, respectively. Processing to create correspondence information , and
An information management program for executing processing for displaying the correspondence information . The data related to each information referrer who wants to refer to information includes the information referrer's identification information including the ID or name of the information referrer, the position of the information referrer in the organization, and the information referer when referring to the information. Information referrer attribute storage means for storing attribute information of an information referrer including authentication methods that can be handled, and a confidential information word that is included in the information and that corresponds to confidential information On a computer equipped with a means for storing confidential information for each type of confidential information ,
For each information stored in a predetermined storage area and to which attribute information indicating an applied authentication method is added , the information is confidential information on the condition that the information includes a confidential information word. A process for determining the type of confidential information based on the type of confidential information word ,
Based on the data related to each information referer stored in the information referrer attribute storage means and the determination result of the process , the position within the organization of a predetermined information referrer determined in advance is referred to and corresponds to the position The information corresponding to the kind of confidential information that can be referred to by the information referer is specified, and the specified set of information is a set of information that can be referred to by the predetermined information referer without a problem of confidentiality. A process for determining a referenceable range ,
The predetermined information referenceer refers to an authentication method that can be handled, specifies information to which the authentication method is applied, and the predetermined information referencer can handle the specified set of information. A process for determining a protection treatment effective range that is a set of information to which the authentication method is applied ;
Compare at least two ranges of the referenceable range and the protective treatment effective range, and information on correspondence between the information and the range to which the information belongs, information belonging only to the referenceable range, referenceable range and protection A process of creating correspondence information representing information belonging to the treatment effective range and information belonging only to the protective treatment effective range , and
An information management program for executing processing for displaying the correspondence information . The data related to each information referrer who wants to refer to the information , the information referrer's identification information including the ID or name of the information referrer, the position of the information referrer within the organization, and the information referer corresponds when referring to the information Information referer attribute storage means for storing possible authentication methods and attribute information of the information referrer including keywords related to the information referrer, and that the information corresponds to confidential information by being included in the information Means for storing a confidential information word for each type of confidential information and storing a useful information word that is a word indicating that the information can correspond to useful information by being included in the information On a computer with
For each information stored in a predetermined storage area and to which attribute information indicating an applied authentication method is added , the information is confidential information on the condition that the information includes a confidential information word. The information includes the useful information word on the condition that the information includes the useful information word, and determines the type of the confidential information based on the type of the confidential information word. The process of determining that it meets the criteria
Based on the data related to each information referer stored in the information referrer attribute storage means and the determination result of the process , the position within the organization of a predetermined information referrer determined in advance is referred to, and it corresponds to the position The information corresponding to the kind of confidential information that can be referred to by the information referer is identified, and the specified set of information is a set of information that can be referred to by the predetermined information referer without any problem of confidentiality. For each piece of information that satisfies the criteria of determining a certain referenceable range and including a useful information word, it matches the useful information word included in the information among the keywords related to the predetermined information reference or The number of similar keywords is counted, information whose count result is equal to or greater than a predetermined threshold is specified, and the specified set of information is determined for the predetermined information reference person Process of determining a reference recommended range is a set of information that is determined to be use,
The predetermined information referenceer refers to an authentication method that can be handled, specifies information to which the authentication method is applied, and the predetermined information referencer can handle the specified set of information. A process for determining a protection treatment effective range that is a set of information to which the authentication method is applied ;
It is correspondence information between the information and the range to which the information belongs by comparing at least three ranges of the referenceable range, the recommended reference range, and the effective protective treatment range, and the referenceable range, the recommended reference range, and the protection Information belonging to the action effective range, information belonging only to the referenceable range, information belonging to the recommended reference range only, information belonging to the protective action effective range only, reference recommendation belonging to the referenceable range and the protective action effective range Correspondence that represents information that does not belong to the scope, information that belongs to the recommended reference range and the effective range of protective action and does not belong to the referenceable range, and information that belongs to the referenceable range and recommended reference range and does not belong to the protective action effective range Processing to create relationship information , and
An information management program for executing processing for displaying the correspondence information . As information about each information reference person who wants to refer to the information, identification information of the information reference person including the ID or name of the information reference person and attribute information of the information reference person including a keyword related to the information reference person are stored. Information referer attribute storage means , means for storing useful information words, which are words indicating that the information can correspond to useful information by being included in the information, and each information reference person for each information reference person In a computer provided with an information processing device used by the computer and a usable status storage means such as a device for storing information indicating application software ,
For each piece of information stored in a predetermined storage area and to which attribute information indicating an applied authentication method is added , the information contains a useful information word on the condition that the information includes a useful information word. Process to determine that it meets the criteria for inclusion ,
Based on the data related to each information referer stored in the information referrer attribute storage means and the determination result of the processing, a predetermined predetermined value is set for each piece of information satisfying the criterion that a useful information word is included. Count the number of keywords that match or are similar to the useful information word included in the information among the keywords related to the information referrer, identify the information whose count result is equal to or greater than a predetermined threshold, A process of determining the specified set of information as a recommended reference range that is a set of information determined to be useful for the predetermined information reference person ;
The information processing apparatus and application software used by the predetermined information referer identify information to which an authentication method is applied, and the predetermined information referer actually refers to the specified set of information. process of determining the current reference range, which is a collection of information that may be,
At least two ranges of the recommended reference range and the current referenceable range are compared, and information on the correspondence relationship between the information and the range to which the information belongs, information belonging only to the recommended reference range, the recommended reference range, and the current recommended range. A process of creating correspondence information representing information belonging to the referable range and information belonging to the current referable range only ; and
An information management program for executing processing for displaying the correspondence information . As data related to each information referrer who wants to refer to information, identification information of the information referrer including the ID or name of the information referrer, an authentication method that can be handled by the information referer when referring to the information, Information referer attribute storage means for storing attribute information of an information referrer including related keywords, and a useful information word that is a word indicating that the information can correspond to useful information by being included in the information A computer having storage means, and an information processing device used by each information referrer and an information storage device such as a device that stores information indicating application software for each information referer ,
For each piece of information stored in a predetermined storage area and to which attribute information indicating an applied authentication method is added , the information contains a useful information word on the condition that the information includes a useful information word. Process to determine that it meets the criteria for inclusion ,
Based on the data related to each information referer stored in the information referrer attribute storage means and the determination result of the processing, a predetermined predetermined value is set for each piece of information satisfying the criterion that a useful information word is included. Count the number of keywords that match or are similar to the useful information word included in the information among the keywords related to the information referrer, identify the information whose count result is equal to or greater than a predetermined threshold, A process of determining the specified set of information as a recommended reference range that is a set of information determined to be useful for the predetermined information reference person ;
The information processing apparatus and the application software used by the predetermined information referer identify information to which an authentication method is applied, and the predetermined information referer actually refers to the identified set of information. A process for determining the current referenceable range as a set of information that can be
The predetermined information referenceer refers to an authentication method that can be handled, specifies information to which the authentication method is applied, and the predetermined information referencer can handle the specified set of information. A process for determining a protection treatment effective range that is a set of information to which the authentication method is applied ;
Compare at least three ranges of the recommended reference range, the current referable range, and the protective action effective range, and correspondence information between information and the range to which the information belongs, and information that belongs only to the recommended reference range Information that belongs to the recommended reference range and belongs to only one of the current referenceable range and the protective action effective range, information that belongs to the recommended reference range, the current referenceable range, and the protective action effective range, and the recommended reference range Information that belongs to the current referenceable range and the protective treatment effective range, and that does not belong to the recommended reference range and belongs to only one of the current referenceable range and the protective treatment effective range, respectively. Processing to create correspondence information , and
An information management program for executing processing for displaying the correspondence information . As data related to each information referrer who wants to refer to the information, the identification information of the information referrer including the ID or name of the information referrer, the authentication method that the information referer can handle when referring to the information, and the information referer Information referer attribute storage means for storing attribute information of an information referrer including related keywords, and a useful information word that is a word indicating that the information can correspond to useful information by being included in the information A computer having means for storing ,
For each piece of information stored in a predetermined storage area and to which attribute information indicating an applied authentication method is added , the information contains a useful information word on the condition that the information includes a useful information word. Process to determine that it meets the criteria for inclusion ,
Based on the data related to each information referer stored in the information referrer attribute storage means and the determination result of the processing, a predetermined predetermined value is set for each piece of information satisfying the criterion that a useful information word is included. Count the number of keywords that match or are similar to the useful information word included in the information among the keywords related to the information referrer, identify the information whose count result is equal to or greater than a predetermined threshold, A process of determining the specified set of information as a recommended reference range that is a set of information determined to be useful for the predetermined information reference person ;
The predetermined information referenceer refers to an authentication method that can be handled, specifies information to which the authentication method is applied, and the predetermined information referencer can handle the specified set of information. A process for determining a protection treatment effective range that is a set of information to which the authentication method is applied ;
At least two ranges of the recommended reference range and the effective range of protection treatment are compared, and correspondence information between the information and the range to which the information belongs, information belonging only to the recommended reference range, the recommended reference range and the protection A process of creating correspondence information representing information belonging to the treatment effective range and information belonging only to the protective treatment effective range , and
An information management program for executing processing for displaying the correspondence information .

Images